Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Concepts

What is Patch Latency

Patch latency is the gap between a fix existing and the fix running in production. Here's how to measure it honestly, why it balloons, and how teams get it under 30 days.

Aug 17, 20257 min read
DevSecOps

How Snyk CLI's --severity-threshold and --fail-on flags g...

How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.

Aug 17, 20257 min read
Industry Analysis

How the Snyk CLI's JSON output format supports custom too...

A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.

Aug 17, 20257 min read
Industry Analysis

How snyk-to-html converts CLI scan results into shareable...

A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.

Aug 17, 20258 min read
DevSecOps

How Snyk's GitLab CI/CD template integrates security gate...

A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.

Aug 16, 20257 min read
Product

How Snyk integrates with Jenkins to fail builds on new vu...

A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.

Aug 16, 20257 min read
DevSecOps

How Snyk's Azure Pipelines and Bitbucket Pipelines integr...

Snyk's CLI, Azure Pipelines extension, and Bitbucket pipe handle auth, gating, and reporting differently — here's how each mechanism actually works under the hood.

Aug 15, 20257 min read
DevSecOps

How the Snyk CLI's exit codes are structured for CI/CD fa...

A mechanical look at how the Snyk CLI's 0/1/2/3 exit codes work, how --severity-threshold and --fail-on change them, and how to branch on them correctly in CI/CD.

Aug 15, 20257 min read
Product

How Snyk's --project-tags and business-criticality flags ...

How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.

Aug 14, 20257 min read
DevSecOps

DevOps Research and Assessment (DORA): The Four Metrics Explained

DevOps Research and Assessment (DORA) distilled a decade of research into four metrics that predict software delivery performance — here's what they measure and how security work actually affects them.

Aug 12, 20255 min read
Open Source Security

Why 'Time to Fix' Is a Better Supply Chain Metric Than Vu...

Vulnerability counts measure how hard you're looking, not how exposed you are. Here's why mean time to remediate is the metric that actually predicts breach risk.

Aug 12, 20259 min read
Open Source Security

How Package Manager Design Choices Influence Supply Chain...

npm, PyPI, RubyGems, Go, and Cargo each made different design bets on install scripts, namespacing, and signing — and those bets directly shape supply chain attack surface.

Aug 11, 20258 min read
devsecops (Page 45) — Safeguard Blog