Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

DevSecOps

CircleCI Security Best Practices After the 2023 Breach

The January 2023 CircleCI incident forced every customer to rotate every secret. Here is what it taught us — plus hardened config.yml examples for orb pinning, restricted contexts, OIDC, and adding scanning.

Jul 4, 20266 min read
DevSecOps

Dependency Management Best Practices for Secure Software

Your app is mostly other people's code. A 2026 guide to managing dependencies securely — lockfiles, provenance, SBOMs, update strategy, and reachability — so a bad package doesn't become your breach.

Jul 4, 20265 min read
Security Guides

The Go Vulnerability Scanning Guide: govulncheck, Reachability, and CI

Most scanners tell you a CVE exists somewhere in go.sum. govulncheck tells you whether your code can actually reach it. Here's how Go's reachability-based scanning works and how to run it well.

Jul 4, 20266 min read
DevSecOps

Policy as Code for Security: A Practical Guide

When your security rules live in a wiki, they are advice. When they live in version-controlled code the pipeline enforces, they are controls. Here is how to move security policy into code that actually runs.

Jul 4, 20266 min read
FAQ

Remediation Automation FAQ: Policies, Strategies, and Scaling Fixes

How to operationalize remediation automation — automation strategies, severity policies, SLAs, metrics that matter, and how a small team scales fixes across hundreds of repos.

Jul 4, 20265 min read
Container Security

Scanning Docker Images in CI/CD Pipelines

Scanning a container after it deploys is an incident report. Scanning it in the pipeline is a one-line diff. Here is how to gate builds on image scans without drowning developers in false positives.

Jul 4, 20265 min read
Container Security

Securing Container Registries: From Push to Pull

Your registry is the single point every image passes through — and a favorite target for attackers who want to poison many deployments at once. Here is how to lock it down end to end.

Jul 4, 20265 min read
FAQ

Shift-Left Security FAQ: 2026 Explained

Common questions about shift-left security answered for 2026 — what it means, why earlier is cheaper, how it works in practice, and how to avoid overwhelming developers.

Jul 4, 20265 min read
Solutions

Software Supply Chain Security for Startups

For a startup, supply chain security is less about compliance mandates and more about closing enterprise deals and surviving the incident that could end you. Here is how to get it right with a small team.

Jul 4, 20265 min read
Concepts

What Is a Secure SDLC (Secure Software Development Lifecycle)?

A Secure SDLC embeds security activities into every phase of software development — from planning to production — instead of bolting a security review on at the end. Here's what each phase looks like and how to build one.

Jul 4, 20266 min read
Container Security

Container Image Scanning Best Practices

A practical guide to container image scanning: when to scan, what to block, what scanners like Snyk miss, and how to build a policy that actually gets remediated.

Jul 4, 20268 min read
Cloud Security

Cloud Misconfiguration Prevention: Stop Breaches Before They Ship

Misconfiguration is the leading cause of cloud breaches, and it has no CVE and no patch. Here's a taxonomy of the common ones and a shift-left playbook to prevent them.

Jul 3, 20265 min read
devsecops (Page 9) — Safeguard Blog