Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Software Supply Chain Security

Dependency Hijacking Prevention: A Comprehensive Guide

Dependency hijacking encompasses multiple attack techniques that redirect dependency resolution to attacker-controlled packages. This guide covers all major hijacking vectors and their countermeasures.

Nov 5, 20235 min read
DevSecOps

Dagger CI/CD Security Benefits

How Dagger's containerized pipeline model improves CI/CD security with hermetic builds, portability, and reduced platform dependency.

Oct 28, 20236 min read
DevSecOps

Building a DevSecOps Culture: Beyond Tools and into Teams

DevSecOps is a culture shift, not a tooling decision. Practical strategies for building security into development teams without creating friction or resentment.

Oct 25, 20236 min read
DevSecOps

How to Enable Dependency Review on GitHub PRs

A step-by-step tutorial for turning on GitHub Dependency Review, enforcing license and severity policies, and getting fast feedback on every pull request.

Oct 12, 20236 min read
Network Security

Zero Trust for Developer Workstations: Rethinking Endpoint Security

Developer workstations have elevated access to source code, build systems, and deployment pipelines. Zero Trust principles applied to these endpoints significantly reduce supply chain attack surface.

Oct 5, 20235 min read
Industry Trends

When Observability Meets Security: The Convergence That Changes Everything

Observability and security have operated in silos for too long. Their convergence creates capabilities that neither could achieve alone.

Oct 5, 20236 min read
DevSecOps

GitHub Packages Security Features: What You Get and What You Do Not

GitHub Packages integrates tightly with GitHub Actions and repositories. Its security features are convenient but have gaps that teams need to understand.

Sep 12, 20236 min read
DevSecOps

DevSecOps Toolchain Integration Patterns That Actually Work

Most DevSecOps tool integrations fail because they are bolted on rather than designed in. Here are integration patterns that provide security value without breaking the developer experience.

Aug 18, 20236 min read
DevSecOps

Security Challenges in Polyglot Repositories

Repositories containing multiple programming languages multiply the security tooling, configuration, and expertise required. These challenges are manageable with the right approach.

Jul 22, 20236 min read
Application Security

IAST Explained: Why Instrumented Security Testing Catches What Others Miss

IAST combines the precision of SAST with the realism of DAST. Here is how it works, where it fits, and what it actually costs to deploy.

Jul 22, 20237 min read
DevSecOps

CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk

Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.

Jul 20, 20235 min read
DevSecOps

SSH Key Management for Organizations: Beyond the Basics

SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.

Jul 8, 20234 min read
devsecops (Page 56) — Safeguard Blog