Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Open Source Security

Auditing Elixir and Phoenix apps with mix_audit and Sobelow

A hands-on mix_audit Sobelow tutorial for scanning Elixir and Phoenix apps: dependency audits, static analysis, CI wiring, and triage tips.

Feb 1, 20267 min read
DevSecOps

Renovate vs Dependabot: Enterprise Rollout Playbook for 2026

How to choose between Renovate and Dependabot for enterprise dependency automation in 2026, with rollout patterns, failure modes, and migration paths.

Jan 30, 20265 min read
AI Security

Claude Code Coding Agent: Security Posture Review

A working review of Claude Code's security posture, sandboxing model, and the practical controls enterprises need to deploy it safely at scale.

Jan 30, 20265 min read
Open Source Security

Swift Package Manager dependency resolution and pinning s...

SPM trusts mutable git tags, not signed artifacts. Here's how dependency resolution, Package.resolved integrity, and pinning gaps expose Swift apps to supply chain attacks.

Jan 30, 20266 min read
Industry Analysis

The Case for Autonomous Remediation Now

Manual patching is a losing race against the rate of new vulnerabilities. Autonomous remediation is not a future technology — it is the only workflow that keeps pace with modern supply chains.

Jan 29, 20267 min read
Research

Reachability Noise Reduction: Findings

The Safeguard Research team ran reachability analysis across a large corpus of real codebases. This is what we learned about which CVEs actually matter.

Jan 29, 20267 min read
Application Security

What Are Secure Coding Standards

Secure coding standards are enforceable rules — like OWASP and CERT — that stop specific CWEs before code ships. Here's what they cover and how to enforce them.

Jan 29, 20267 min read
DevSecOps

Jira and Docker: Integrating Security Workflows

Jira docker integration for security teams usually means auto-filing tickets from container scan findings — here's how to wire it without flooding the backlog with noise.

Jan 28, 20265 min read
DevSecOps

SBOM Review in Pull Request Workflows

An SBOM that arrives after merge is a compliance artifact. An SBOM that shows up in the PR is a security control. Here is how to wire it up without killing velocity.

Jan 28, 20266 min read
DevSecOps

DevOps Pipeline Tools: A Buyer's Map by Stage

DevOps pipeline tools cluster around six stages of the software lifecycle — mapping a shortlist to the stage it actually serves prevents the most common buying mistake: overlap without coverage.

Jan 27, 20265 min read
Best Practices

What is Defense in Depth

Defense in depth stacks independent security layers—source, build, dependencies, artifacts, runtime—so no single failure causes a breach.

Jan 27, 20267 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
devsecops (Page 35) — Safeguard Blog