devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
Dependency Hijacking Prevention: A Comprehensive Guide
Dependency hijacking encompasses multiple attack techniques that redirect dependency resolution to attacker-controlled packages. This guide covers all major hijacking vectors and their countermeasures.
Dagger CI/CD Security Benefits
How Dagger's containerized pipeline model improves CI/CD security with hermetic builds, portability, and reduced platform dependency.
Building a DevSecOps Culture: Beyond Tools and into Teams
DevSecOps is a culture shift, not a tooling decision. Practical strategies for building security into development teams without creating friction or resentment.
How to Enable Dependency Review on GitHub PRs
A step-by-step tutorial for turning on GitHub Dependency Review, enforcing license and severity policies, and getting fast feedback on every pull request.
Zero Trust for Developer Workstations: Rethinking Endpoint Security
Developer workstations have elevated access to source code, build systems, and deployment pipelines. Zero Trust principles applied to these endpoints significantly reduce supply chain attack surface.
When Observability Meets Security: The Convergence That Changes Everything
Observability and security have operated in silos for too long. Their convergence creates capabilities that neither could achieve alone.
GitHub Packages Security Features: What You Get and What You Do Not
GitHub Packages integrates tightly with GitHub Actions and repositories. Its security features are convenient but have gaps that teams need to understand.
DevSecOps Toolchain Integration Patterns That Actually Work
Most DevSecOps tool integrations fail because they are bolted on rather than designed in. Here are integration patterns that provide security value without breaking the developer experience.
Security Challenges in Polyglot Repositories
Repositories containing multiple programming languages multiply the security tooling, configuration, and expertise required. These challenges are manageable with the right approach.
IAST Explained: Why Instrumented Security Testing Catches What Others Miss
IAST combines the precision of SAST with the realism of DAST. Here is how it works, where it fits, and what it actually costs to deploy.
CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk
Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.
SSH Key Management for Organizations: Beyond the Basics
SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.