devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
CircleCI Security Configuration Guide
Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.
Harness CI/CD Security Features
Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.
Runtime Application Self-Protection (RASP): A Practical Guide
RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.
Container Base Image Selection: A Security-First Decision Framework
Your base image choice determines your container security baseline. Most teams pick based on size or familiarity, not security properties.
Container Vulnerability Scanning: Comparing the Top Tools in 2023
Not all container scanners are equal. We compared Trivy, Grype, Snyk Container, and others on accuracy, speed, and coverage.
3CX Attack Lessons: What Every Software Vendor Must Do Differently
The 3CX supply chain attack exposed critical gaps in how software vendors protect their build pipelines. Here are the concrete lessons.
GitLab CI Security Scanning Setup
Step-by-step guide to enabling SAST, DAST, dependency scanning, and container scanning in GitLab CI pipelines.
Cross-Functional Security Collaboration
Security isn't just the security team's problem. Building effective collaboration between security, engineering, product, and operations is essential for supply chain defense.
Git Credential Security for Organizations: Locking Down Source Access
Git credentials are the keys to your source code. Here is how organizations should manage them to prevent unauthorized access and credential theft.
GitLab Ultimate Security Features: Built-In Security Done Pragmatically
A review of GitLab Ultimate's security scanning features covering SAST, DAST, dependency scanning, container scanning, and how integrated security compares to best-of-breed tools.
Spinnaker Deployment Security
Securing Spinnaker's multi-cloud deployment pipelines with authentication, authorization, pipeline constraints, and artifact verification.
Blue-Green Deployment Security
Security considerations for blue-green deployment strategies including environment parity, rollback integrity, and data migration safety.