Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Industry Analysis

DevSecOps Automation Maturity in 2024: Where Teams Actually Stand

Industry surveys and real-world data paint a sobering picture of DevSecOps automation maturity. Most organizations are still in the early stages despite years of investment.

Dec 5, 20247 min read
DevSecOps

Hardening GitLab vs GitHub Default Settings

GitLab and GitHub both ship with defaults that prioritize usability. A head-to-head on the specific hardening steps each platform needs before it is safe for enterprise use.

Dec 5, 20246 min read
DevSecOps

Woodpecker CI Security Review

A security review of Woodpecker CI, the community fork of Drone: runner isolation, secret handling, plugin ecosystem, and the trade-offs of running a self-hosted lightweight CI.

Dec 2, 20248 min read
Best Practices

Container Security Best Practices for 2025: Beyond Image Scanning

Container security has evolved far past vulnerability scanning. Here is what mature container security programs look like heading into 2025.

Dec 1, 20247 min read
DevSecOps

Go Build Cache Poisoning Risks

The Go build cache makes builds fast and reproducible, but a poisoned cache can reuse malicious compiled output indefinitely while the source looks clean.

Nov 28, 20247 min read
Best Practices

Secrets Rotation Across Microservices: A Playbook

A practical senior engineer's playbook for rotating secrets across microservices without downtime, drift, or the quiet credential leaks that come from half-done cutovers.

Nov 22, 20247 min read
Comparisons

Self-Hosted vs SaaS Security Scanning: An Honest Comparison

Run scanners on your own metal or rent the vendor's? A cost, latency, and data-residency comparison from someone who has operated both and regretted each at least once.

Nov 21, 20246 min read
DevSecOps

GCP Terraform Provider Security Review

A security-focused review of the Google Terraform providers: provenance, authentication paths, state handling, and the misconfigurations that consistently produce incidents across the Google and Google-Beta provider ecosystem.

Nov 18, 20247 min read
DevSecOps

Concourse CI Supply Chain Hardening

A practical hardening guide for Concourse CI: resource type trust, worker isolation, team-level RBAC, and the var source security that underpins the platform's multi-tenancy model.

Nov 8, 20248 min read
DevSecOps

Buildkite Supply Chain Hardening

A practical hardening guide for Buildkite: agent isolation, pipeline upload security, plugin risks, and the agent-token rotation strategy that keeps the trust model intact.

Oct 25, 20248 min read
DevSecOps

Maven Release Plugin Hardening

The Maven Release Plugin is the oldest piece of release automation most Java shops still run. A look at the hardening steps it usually needs.

Oct 22, 20246 min read
DevSecOps

go generate Supply Chain Risks

go generate is a seam where arbitrary commands run with the full privileges of the developer, and it does not show up in any manifest of trusted dependencies.

Oct 15, 20247 min read
devsecops (Page 51) — Safeguard Blog