Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Dev Practices

Git Branching Strategies With Security Gates

Trunk-based, GitHub Flow, or GitFlow — your branching model decides where security checks can actually block bad code. Here is how to wire gates into each.

Jun 24, 20256 min read
AppSec

Code Scanning Tools: SAST, Secrets, and Linters Compared

SAST tools, secret scanners, and linters all read your source code but catch entirely different classes of problems — here's how to tell them apart and stack them correctly.

Jun 24, 20255 min read
AppSec

Application Security Testing Tools: SAST, DAST, IAST, and SCA Compared

Four scanner families see four different slices of your risk. What SAST, DAST, IAST, and SCA each catch and miss, and how to sequence them in CI without drowning developers.

Jun 24, 20256 min read
DevSecOps

DevOps Security Best Practices: Shifting Left Without Slowing Down

Shift left fails when it means shifting friction left. Here are the DevOps security best practices that catch issues early while keeping pipelines fast enough that engineers leave the gates on.

Jun 24, 20256 min read
AppSec

DAST Tools for DevSecOps Teams

The best DAST tools for DevSecOps teams run inside CI/CD rather than as a separate pre-launch step, and Gartner's own analysis of the DAST market backs that shift as the defining trend.

Jun 23, 20255 min read
Supply Chain

Open Source Code Scanning: Tools and Workflow

Open source code scanning tools can cover most of a small team's needs for free, but the workflow around them — what runs where, and who reviews the output — matters more than which tool you pick.

Jun 17, 20255 min read
DevSecOps

Security Testing in the Software Development Lifecycle

Security testing for software development only works when it's distributed across the SDLC, not bolted on as a single pre-release gate — here's where each test type actually belongs.

Jun 9, 20255 min read
AppSec

Open Source SAST Tools Worth Evaluating

A rundown of the open source SAST tools engineering teams actually use in production, and where each one runs out of road.

May 14, 20255 min read
Containers

Docker Privileged Containers: `docker run` and Compose Risks

docker run privileged and docker compose privileged both hand a container root-equivalent access to the host — here's exactly what that means and when, if ever, it's justified.

May 9, 20255 min read
DevSecOps

Choosing a Private Package Registry in 2025

A 2025 buyer's guide comparing JFrog Artifactory, Sonatype Nexus, GitHub Packages, Google Artifact Registry, and Cloudsmith on ecosystems, policy, and TCO.

May 8, 20255 min read
Vulnerabilities

The Java Security Manager Is Deprecated: What to Use Instead

JEP 411 deprecated the Java Security Manager for removal, and years of accumulated java security flaws in its trust model are why the platform is retiring it rather than fixing it further.

May 6, 20255 min read
Containers

Container Vulnerability Management: The Full Lifecycle

Container vulnerability management is a lifecycle, not a scan — here's what happens from base image selection through runtime, and where most programs quietly fall apart.

May 6, 20256 min read
devsecops (Page 49) — Safeguard Blog