CLI Tool Design For Developer Security Checks
A security CLI lives or dies on the experience of typing it. A design guide for building security tooling that respects the developer's terminal.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.
ACR's trusted images and notation signing combine into a deploy-time policy you can actually enforce. Here is how to roll it out without breaking AKS workloads.
A practical walkthrough for integrating Sigstore signing and verification with Azure Artifacts in 2026, including the gaps you should know about before starting.
Every security tool spends developer attention. A framework for budgeting friction across IDE, CLI, and PR-time supply chain checks without going bankrupt.
Practical Gitleaks configurations and workflows for 2026, including pre-commit setup, monorepo tuning, custom rules, and how to avoid the false-positive treadmill.
CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.
Binary Authorization works in production, but the rollout pattern is not obvious. This is the real-world deployment guide for 2026 GCP estates.
Reachability across a monorepo or a microservices fleet needs different engineering than reachability inside a single service. Both are tractable; both have specific failure modes.