devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
AWS CodeBuild Supply Chain Hardening Guide
CodeBuild projects are where most AWS supply chain compromises end up executing. Here is a practical hardening guide built from years of incident response, with specific buildspec controls and IAM patterns.
What is Egress Filtering in CI
Egress filtering in CI restricts where build jobs can send traffic, so a compromised dependency can't exfiltrate your secrets. Here's how to roll it out without breaking builds.
What Is DevSecOps? Explained in Plain Terms
A plain-terms answer to devsecops o que e, the Portuguese-language version of 'what is DevSecOps,' with the same explanation that applies regardless of what language you searched in.
1Password Secrets Automation in CI
1Password has quietly become a credible secrets backend for CI/CD. A walkthrough of Connect, Service Accounts, and the CLI patterns that make 1Password Secrets Automation work in a build pipeline.
Azure DevOps YAML Pipeline Hardening
A practical, line-by-line walk through hardening Azure DevOps YAML pipelines — template injection, task version pinning, approvals, and the defaults that will bite you.
Migrating Jenkins to GitHub Actions: Security
A case study in moving a sprawling Jenkins estate to GitHub Actions without losing supply chain visibility, artifact integrity, or developer trust.
Jenkins Pipeline Supply Chain Security
How Jenkins pipelines end up as supply chain attack vectors, covering Groovy sandbox risks, plugin CVEs, credential binding, and practical hardening for Jenkins 2.440+.
GitHub Advanced Security vs Alternatives, Early 2024
GitHub Advanced Security anchors many AppSec programs in 2024, but Snyk, Semgrep, Endor, and others are credible alternatives. Here is an honest comparison.
Dependency Firewalls: Concept, Architecture, and Implementation
A dependency firewall sits between your build system and public registries, filtering packages based on security policies. Here is how to design and implement one.
What Is SSDLC? The Secure Software Development Lifecycle
SSDLC builds security work into every phase of delivery instead of auditing at the end. Here is what changes at each phase, which frameworks define it, and how to adopt it without stalling releases.
What Is AppSec, and Who Owns It on a Modern Team?
AppSec covers every security decision made about how software is designed, built, and shipped — but ownership is more distributed than most org charts admit.
CI/CD Compromise Investigation Steps
A step-by-step investigation playbook for suspected CI/CD pipeline compromise, from runner forensics to secrets rotation.