Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Containers

Scanning Docker Images for Vulnerabilities: How To

Knowing how to scan Docker images for vulnerabilities before they ship is the difference between catching a known CVE in CI and finding it in an incident report.

Sep 16, 20255 min read
Application Security

Why Snyk Code's semantic approach produces fewer false po...

Snyk Code cuts SAST false positives using semantic analysis: AST/data-flow graphs plus ML trained on real code, not regex patterns. Here is how the mechanics work.

Sep 13, 20257 min read
Application Security

How Snyk Code's PR and MR checks block merges on newly in...

A mechanical look at how Snyk Code's pull and merge request checks isolate net-new vulnerabilities from pre-existing debt and gate merges on policy.

Sep 11, 20257 min read
Application Security

How Snyk Code's incremental scanning speeds up repeated s...

Snyk Code speeds up repeat SAST scans on large codebases by re-analyzing only changed files instead of the whole repository each time.

Sep 10, 20257 min read
Container Security

How Snyk Container's static filesystem analysis avoids th...

How Snyk Container inspects image layers, package databases, and lockfiles without ever running the container — and where static filesystem analysis hits its limits.

Sep 6, 20258 min read
Container Security

How Snyk's Docker Desktop Extension scans images before t...

How Snyk's Docker Desktop extension scans local images for CVEs before push, what it can and can't detect, and where it fits with CI and registry scanning.

Sep 4, 20257 min read
Security Concepts

Application Security vs Network Security: Where the Line Is

Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.

Sep 3, 20255 min read
Cloud Security

How Snyk IaC scans a Terraform Plan JSON file to catch dr...

How Snyk IaC parses Terraform plan JSON's resource_changes to catch drift and misconfigurations before terraform apply — the mechanics, limits, and what it can't see.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC handles Terraform modules and remote module ...

How Snyk IaC statically parses Terraform, resolves local modules inline, and why remote Registry or Git modules stay unexpanded until a Terraform plan is scanned.

Aug 31, 20257 min read
Open Source Security

How Snyk's .snyk file structures ignore rules with expiry...

How Snyk's .snyk file encodes vulnerability ignore rules using reason and expiry date fields, and what happens in CI once an exception lapses.

Aug 23, 20257 min read
DevSecOps

DevOps Maturity Models, Explained

What a devops maturity model actually measures, why devops mttr alone is a weak proxy for maturity, and how teams can measure whether devops delivery value is improving.

Aug 21, 20255 min read
AppSec

Source Code Security Scanning Programs That Scale

A source code security scanning program that works for 20 repos usually breaks at 200 — here's how to design one that scales with the number of teams, not just the number of scans.

Aug 19, 20256 min read
devsecops (Page 44) — Safeguard Blog