Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Industry Analysis

The Missing Guardrails: Why So Few Teams Scan AI Suggesti...

AI writes most new code, but few CI pipelines scan it before merge. Here's why the AI code scanning adoption gap exists — and what closes it.

Aug 8, 20257 min read
Industry Analysis

Why Policy Bypass Is Rising Even as AI Coding Tools Get '...

AI coding assistants keep getting smarter, yet developer security policy bypasses keep rising. Here's why the two trends are linked and how to close the gap.

Aug 7, 20257 min read
Industry Analysis

The False Sense of Security Effect in AI-Assisted Develop...

AI coding assistants make developers write faster and trust more — even when the code is less secure. Here's what the data shows, and how to close the gap.

Aug 6, 20257 min read
Container Security

Why Cloud Security Ownership Keeps Falling Into the Gap B...

Misconfigurations sit unpatched for months because three teams each assume someone else owns them. Here's why the cloud security ownership gap keeps widening.

Aug 5, 20257 min read
Container Security

Misconfiguration Fatigue: Why the Same Cloud Mistakes Kee...

The same cloud misconfigurations — public buckets, stale IAM roles, unwatched drift — keep causing breaches years apart. Here's why, with real cases and how to break the cycle.

Aug 5, 20258 min read
Container Security

Container Base Image Hygiene: An Underrated Lever for Red...

Swapping bloated base images for minimal ones can cut container CVE counts by 60-90% without touching app code. Here's the data and how to start.

Aug 5, 20259 min read
Container Security

The Real Trade-Off Between Deployment Speed and Cloud Sec...

Deployment speed and cloud security maturity aren't opposites. Real breaches trace to blind spots, not velocity — here's what the data actually shows engineering leaders.

Aug 5, 20258 min read
Container Security

Why Ephemeral Infrastructure Makes Traditional Vulnerabil...

Containers now live for minutes, not months. Here's why periodic vulnerability scanning can't see ephemeral infrastructure — and what actually closes the gap.

Aug 4, 20257 min read
Container Security

The Cost Multiplier Effect of Fixing Vulnerabilities in P...

A misconfigured base image caught at build time costs minutes to fix. Found in production, the same CVE triggers incident response and audits.

Aug 3, 20258 min read
Container Security

Why Container Registries Are an Underexamined Supply Chai...

Registries decide what code actually runs in production, yet most security programs treat them as passive storage. Here's why that's a costly blind spot.

Aug 2, 20256 min read
Open Source Security

Supply Chain Worming: Self-Propagating Malicious Packages...

How the Shai-Hulud npm worm self-propagated across 500+ packages in 48 hours by stealing tokens and republishing itself — and how to stop the next one.

Jul 31, 20257 min read
DevSecOps

Why Automated Package Publishing Pipelines Are a Growing ...

From tj-actions to xz utils, attackers are hijacking CI/CD pipelines to poison packages at the source. Here's why publishing pipelines are the new frontline.

Jul 30, 20257 min read
devsecops (Page 46) — Safeguard Blog