Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

DevSecOps

Shift-Left Security: How to Implement It Without Breaking Developers

Shift-left security fails when it just means 'more scanners earlier.' A 2026 implementation guide to moving security into the developer workflow with precision — IDE, pre-commit, PR, and pipeline.

Jul 7, 20265 min read
Supply Chain Attacks

Anatomy of an npm Dependency Confusion Attack

One researcher published fake packages matching internal names at over 35 companies in 2021 and collected six-figure bounties — here's exactly how the registry resolution flaw works.

Jul 7, 20266 min read
AI Security

Choosing a security tool for AI-generated code

GitHub reported in 2024 that Copilot writes up to 46% of code in enabled files — the same vulnerability classes humans write, now shipped at machine speed.

Jul 7, 20267 min read
DevSecOps

How to Report AppSec Risk to Your CISO

CVSS measures severity, not risk — and a slide of 4,000 raw findings tells a CISO nothing. Here's how to translate scan output into decisions.

Jul 7, 20267 min read
DevSecOps

Reducing Docker image build time without sacrificing security

Multi-stage builds and minimal base images can cut CI build times dramatically — and they're the same changes that shrink your CVE attack surface.

Jul 7, 20266 min read
Application Security

Securing Python Virtual Environments

A single sudo pip install can overwrite files an OS package manager owns — PEP 668 exists because that anti-pattern was common enough to break Linux distros.

Jul 7, 20267 min read
DevSecOps

Software Composition Analysis Best Practices for Engineering Teams

CVE-2017-5638 was patched by Apache in March 2017, two months before Equifax was breached through it. Point-in-time SCA scans miss exactly this kind of drift.

Jul 7, 20267 min read
DevSecOps

Foundations for adopting AI coding tools securely in an engineering org

One engineering team cut critical vulnerability remediation from a week to 24 hours after wiring security checks into AI coding tools at the moment of code generation.

Jul 7, 20268 min read
AI Security

Governing AI agents inside the execution loop

Snyk's Evo Agentic Development Security, in open preview since June 23, 2026, hooks directly into an agent's tool calls — proof that pre-deployment review can't govern a decision made mid-session.

Jul 7, 20268 min read
Industry Analysis

How the security industry is scaling partnerships for AI risk

No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.

Jul 7, 20266 min read
AI Security

How to build and justify an AI security budget

CVE-2025-6514 let a flawed MCP proxy escalate to full remote code execution — a preview of why AI/agentic risk needs its own budget line, not a slice of the AppSec line.

Jul 7, 20268 min read
AI Security

New security risks across the agentic development lifecycle

Snyk found 76 confirmed-malicious skills among 3,984 analyzed and roughly a third of public MCP servers carrying exploitable flaws — legacy AppSec never modeled an agent as the author.

Jul 7, 20267 min read
devsecops (Page 6) — Safeguard Blog