devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
GitHub Repository Security Settings Guide
Configure GitHub repository security settings for branch protection, secret scanning, dependency alerts, and code scanning.
Scaling a Security Champions Network
Security teams can't be everywhere. A well-structured security champions network extends security expertise into every development team without bottlenecking delivery.
Taming Static Analysis: A Practical Guide to False Positive Reduction
False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.
Jenkins Pipeline Security Hardening
How to lock down Jenkins pipelines against credential theft, script injection, and unauthorized access with practical hardening steps.
Tekton Pipeline Security Guide
Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.
Developer Productivity vs. Security: Finding the Real Balance
The security-productivity tension is real but often exaggerated. Most friction comes from bad tooling and poor processes, not from security itself. Here is how to fix the actual problems.
Building an SBOM Program from Scratch: A Practical Guide
Standing up an SBOM program is more than picking a tool. This guide covers organizational buy-in, tooling selection, automation, and scaling from your first BOM to enterprise-wide adoption.
Canary Deployments and Security Monitoring
Using canary deployment strategies to catch security regressions before they reach all users, with monitoring patterns for security-relevant metrics.
Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love
Misconfigurations are the easiest vulnerabilities to find and exploit. Here is a practical checklist for web servers, frameworks, cloud services, and databases.
Docker Security Best Practices for Developers
Practical Docker security from image building to runtime, covering multi-stage builds, user namespaces, and image scanning.
Mutation Testing for Security Validation: Testing Your Tests
Mutation testing measures whether your security tests actually catch bugs by introducing small changes to code and checking if tests fail. Here is how to apply it to security-critical code.
GitHub Actions Security Best Practices in 2022
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.