Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

DevSecOps

CircleCI Security Configuration Guide

Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.

Jul 8, 20235 min read
DevSecOps

Harness CI/CD Security Features

Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.

Jun 28, 20235 min read
Application Security

Runtime Application Self-Protection (RASP): A Practical Guide

RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.

Jun 25, 20239 min read
Container Security

Container Base Image Selection: A Security-First Decision Framework

Your base image choice determines your container security baseline. Most teams pick based on size or familiarity, not security properties.

Jun 12, 20236 min read
Container Security

Container Vulnerability Scanning: Comparing the Top Tools in 2023

Not all container scanners are equal. We compared Trivy, Grype, Snyk Container, and others on accuracy, speed, and coverage.

May 10, 20236 min read
DevSecOps

3CX Attack Lessons: What Every Software Vendor Must Do Differently

The 3CX supply chain attack exposed critical gaps in how software vendors protect their build pipelines. Here are the concrete lessons.

Apr 2, 20237 min read
DevSecOps

GitLab CI Security Scanning Setup

Step-by-step guide to enabling SAST, DAST, dependency scanning, and container scanning in GitLab CI pipelines.

Mar 22, 20236 min read
Security Culture

Cross-Functional Security Collaboration

Security isn't just the security team's problem. Building effective collaboration between security, engineering, product, and operations is essential for supply chain defense.

Mar 18, 20236 min read
DevSecOps

Git Credential Security for Organizations: Locking Down Source Access

Git credentials are the keys to your source code. Here is how organizations should manage them to prevent unauthorized access and credential theft.

Mar 8, 20234 min read
Tool Reviews

GitLab Ultimate Security Features: Built-In Security Done Pragmatically

A review of GitLab Ultimate's security scanning features covering SAST, DAST, dependency scanning, container scanning, and how integrated security compares to best-of-breed tools.

Feb 28, 20235 min read
DevSecOps

Spinnaker Deployment Security

Securing Spinnaker's multi-cloud deployment pipelines with authentication, authorization, pipeline constraints, and artifact verification.

Feb 25, 20235 min read
DevSecOps

Blue-Green Deployment Security

Security considerations for blue-green deployment strategies including environment parity, rollback integrity, and data migration safety.

Jan 15, 20236 min read
devsecops (Page 57) — Safeguard Blog