Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

AI Security

Techniques for verifying model weight integrity and detec...

A practical guide to model weight integrity: baseline checksums, sign weights, verify in CI/CD, and detect tampering before it reaches production.

Dec 16, 20258 min read
Industry Analysis

Practical steps to secure third-party WebAssembly plugins...

A step-by-step guide to securing third-party WebAssembly plugins in production: sandboxing, capability restriction, resource limits, provenance checks, and runtime monitoring.

Dec 10, 20258 min read
Best Practices

The Secure Software Development Lifecycle in 2025: What Actually Changed

A practical look at how SSDLC practices evolved in 2025, what worked, what failed, and why most organizations are still getting the basics wrong.

Dec 8, 20257 min read
Vulnerability Analysis

CI/CD pipeline supply chain attacks explained

A breakdown of how CI/CD supply chain attacks work, from SolarWinds to the 2025 tj-actions/changed-files breach, and how to detect and stop them.

Dec 7, 20256 min read
Vulnerability Analysis

Terraform infrastructure-as-code misconfiguration explained

Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.

Dec 3, 20257 min read
Vulnerability Management

The ROI of Vulnerability Remediation Automation: Numbers That Justify the Investment

Manual vulnerability remediation costs more than most organizations realize. Breaking down the real costs, time savings, and risk reduction that automation delivers.

Dec 1, 20257 min read
DevSecOps

The tj-actions/changed-files GitHub Action Supply Chain C...

CVE-2025-30066 exposed how a compromised tj-actions/changed-files GitHub Action leaked CI/CD secrets into build logs across 23,000+ repos. Timeline, impact, and fixes.

Dec 1, 20258 min read
DevSecOps

Jenkins Stapler Unauthenticated RCE Mass-Exploited for Cr...

CVE-2018-1000861 let attackers hit Jenkins Stapler unauthenticated, planting cryptomining malware on exposed CI/CD build servers across the internet.

Nov 26, 20257 min read
DevSecOps

Jenkins CLI Java Deserialization Remote Code Execution (C...

CVE-2017-1000353 let attackers gain unauthenticated RCE on Jenkins via CLI Java deserialization. Here's the impact, timeline, and how to remediate it.

Nov 26, 20258 min read
DevSecOps

Jenkins Remote Code Execution via Groovy Metaclass (CVE-2...

CVE-2016-0792 let attackers bypass Jenkins' deserialization blacklist using Groovy's metaclass to achieve unauthenticated remote code execution via the CLI.

Nov 26, 20259 min read
DevSecOps

Jenkins CLI Deserialization RCE via Commons-Collections G...

CVE-2015-8103: unauthenticated RCE in Jenkins CLI via a Commons-Collections deserialization gadget chain. Impact, timeline, and remediation.

Nov 26, 20259 min read
DevSecOps

Jenkins Script Security Sandbox Bypass Leading to RCE (CV...

CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.

Nov 25, 20258 min read
devsecops (Page 39) — Safeguard Blog