devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
ArgoCD GitOps Security Depth
A deep look at ArgoCD security in production: RBAC models, repo credentials, ApplicationSet risks, and the CVEs that have shaped the current hardening defaults.
Migrating From Ansible to GitOps: A Supply Chain Perspective
Move from Ansible to GitOps with supply chain security intact. Pattern-by-pattern migration, trust boundary changes, and pitfalls to avoid in the transition.
AWS CodePipeline Hardening Patterns
CodePipeline is the glue between your source, build, and deploy. It is also the thing that gets the widest IAM role in most AWS accounts. Here is how to harden it without rewriting your pipelines.
DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes
Security tools that developers hate get bypassed. The organizations with the best security outcomes are the ones that treat developer experience as a security requirement.
DevSecOps Meaning: Definition, Model, and How It Differs From SecDevOps
DevSecOps means making security a shared, automated responsibility inside the DevOps loop. Here is the working definition, the operating model, and why the SecDevOps naming debate mostly misses the point.
Gradle Build Cache Security Hardening
The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.
Security Team Scaling Strategies: Growing Without Burning Out
Your security team is probably understaffed. Here is how to scale security coverage without proportionally scaling headcount.
Vite Build Tool Security Considerations
Vite has become the default build tool for a generation of JavaScript frameworks. Its plugin model, dev server, and dependency pre-bundling each carry distinct security implications worth understanding.
Harness.io Supply Chain Security Reviewed
A security review of the Harness.io platform covering SSCA, CI/CD governance, STO integration, and the practical configuration required to get a production-grade supply chain posture.
GCP Cloud Build Hardening in Production
Lessons from hardening Cloud Build pipelines in production environments: private pools, least-privilege service accounts, provenance, and the controls that actually stop lateral movement.
DevSecOps Definition: How It Differs From DevOps and SecOps Alone
The devsecops definition that actually matters isn't a new tool category — it's making security a shared responsibility across the pipeline instead of a gate at the end.
False Positive Rates in Container Scanning: Why Your Scanner Lies to You
Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.