Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

DevSecOps

GitHub Repository Security Settings Guide

Configure GitHub repository security settings for branch protection, secret scanning, dependency alerts, and code scanning.

Dec 12, 20225 min read
Security Culture

Scaling a Security Champions Network

Security teams can't be everywhere. A well-structured security champions network extends security expertise into every development team without bottlenecking delivery.

Nov 18, 20227 min read
Application Security

Taming Static Analysis: A Practical Guide to False Positive Reduction

False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.

Nov 12, 20227 min read
DevSecOps

Jenkins Pipeline Security Hardening

How to lock down Jenkins pipelines against credential theft, script injection, and unauthorized access with practical hardening steps.

Nov 8, 20226 min read
DevSecOps

Tekton Pipeline Security Guide

Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.

Oct 22, 20225 min read
DevSecOps

Developer Productivity vs. Security: Finding the Real Balance

The security-productivity tension is real but often exaggerated. Most friction comes from bad tooling and poor processes, not from security itself. Here is how to fix the actual problems.

Oct 5, 20226 min read
SBOM

Building an SBOM Program from Scratch: A Practical Guide

Standing up an SBOM program is more than picking a tool. This guide covers organizational buy-in, tooling selection, automation, and scaling from your first BOM to enterprise-wide adoption.

Sep 20, 20227 min read
DevSecOps

Canary Deployments and Security Monitoring

Using canary deployment strategies to catch security regressions before they reach all users, with monitoring patterns for security-relevant metrics.

Sep 12, 20226 min read
Application Security

Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love

Misconfigurations are the easiest vulnerabilities to find and exploit. Here is a practical checklist for web servers, frameworks, cloud services, and databases.

Sep 8, 20226 min read
DevSecOps

Docker Security Best Practices for Developers

Practical Docker security from image building to runtime, covering multi-stage builds, user namespaces, and image scanning.

Aug 8, 20224 min read
Application Security

Mutation Testing for Security Validation: Testing Your Tests

Mutation testing measures whether your security tests actually catch bugs by introducing small changes to code and checking if tests fail. Here is how to apply it to security-critical code.

Aug 5, 20225 min read
DevSecOps

GitHub Actions Security Best Practices in 2022

A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.

Jul 15, 20226 min read
devsecops (Page 58) — Safeguard Blog