devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
What is Patch Latency
Patch latency is the gap between a fix existing and the fix running in production. Here's how to measure it honestly, why it balloons, and how teams get it under 30 days.
How Snyk CLI's --severity-threshold and --fail-on flags g...
How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.
How the Snyk CLI's JSON output format supports custom too...
A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.
How snyk-to-html converts CLI scan results into shareable...
A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.
How Snyk's GitLab CI/CD template integrates security gate...
A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.
How Snyk integrates with Jenkins to fail builds on new vu...
A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.
How Snyk's Azure Pipelines and Bitbucket Pipelines integr...
Snyk's CLI, Azure Pipelines extension, and Bitbucket pipe handle auth, gating, and reporting differently — here's how each mechanism actually works under the hood.
How the Snyk CLI's exit codes are structured for CI/CD fa...
A mechanical look at how the Snyk CLI's 0/1/2/3 exit codes work, how --severity-threshold and --fail-on change them, and how to branch on them correctly in CI/CD.
How Snyk's --project-tags and business-criticality flags ...
How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.
DevOps Research and Assessment (DORA): The Four Metrics Explained
DevOps Research and Assessment (DORA) distilled a decade of research into four metrics that predict software delivery performance — here's what they measure and how security work actually affects them.
Why 'Time to Fix' Is a Better Supply Chain Metric Than Vu...
Vulnerability counts measure how hard you're looking, not how exposed you are. Here's why mean time to remediate is the metric that actually predicts breach risk.
How Package Manager Design Choices Influence Supply Chain...
npm, PyPI, RubyGems, Go, and Cargo each made different design bets on install scripts, namespacing, and signing — and those bets directly shape supply chain attack surface.