Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Application Security

SAST vs DAST vs IAST: Which Application Security Testing Approach Fits Your Pipeline?

A practical comparison of SAST, DAST, and IAST — when to use each, where they overlap, and why most teams need more than one.

Jul 8, 20227 min read
Application Security

Secrets Management: Preventing Credential Leaks in Your Software Supply Chain

Hardcoded credentials remain the most common source of breaches. Despite a decade of tooling improvements, secrets keep leaking through source code, container images, CI logs, and dependency configurations. Here is how to actually fix it.

Jun 22, 20229 min read
DevSecOps

Flux CD GitOps Security Practices

Hardening Flux CD deployments with multi-tenancy, RBAC, secret encryption, and image verification for secure GitOps workflows.

Jun 18, 20225 min read
Best Practices

Shifting Left Without Slowing Down

How to integrate security earlier in the development lifecycle without turning your CI pipeline into a bottleneck that developers hate.

Jun 15, 20226 min read
DevSecOps

Feature Flags Security Implications

Understanding the security risks of feature flag systems and how to prevent unauthorized flag manipulation, data exposure, and configuration drift.

May 8, 20226 min read
DevSecOps

Ephemeral Environments for Security Testing: A Modern Approach

Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.

Apr 25, 20225 min read
DevSecOps

SBOM Automation in CI/CD Pipelines: A Hands-On Guide

Generating SBOMs manually is unsustainable. Here's how to automate SBOM creation, validation, and distribution as part of your existing CI/CD pipeline with practical examples.

Apr 8, 20225 min read
DevSecOps

Software Supply Chain Security for Startups: A Practical Guide

You don't need a massive security team to get supply chain security right. Here's a pragmatic, prioritized approach for startups that balances risk reduction with engineering velocity.

Feb 15, 20226 min read
DevSecOps

DevSecOps Maturity Model: Where Does Your Organization Stand?

Most teams claim they've adopted DevSecOps. Few have actually matured beyond running a scanner in CI. Here's a practical maturity model to figure out where you really are.

Aug 28, 20218 min read
DevSecOps

Securing CI/CD Pipelines from Supply Chain Attacks

CI/CD pipelines are the new attack surface. From poisoned dependencies to compromised build tools, here's how to lock down your software delivery infrastructure.

Aug 20, 20216 min read
devsecops (Page 59) — Safeguard Blog