ArgoCD GitOps Security Depth
A deep look at ArgoCD security in production: RBAC models, repo credentials, ApplicationSet risks, and the CVEs that have shaped the current hardening defaults.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Move from Ansible to GitOps with supply chain security intact. Pattern-by-pattern migration, trust boundary changes, and pitfalls to avoid in the transition.
The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.
Your security team is probably understaffed. Here is how to scale security coverage without proportionally scaling headcount.
Vite has become the default build tool for a generation of JavaScript frameworks. Its plugin model, dev server, and dependency pre-bundling each carry distinct security implications worth understanding.
A security review of the Harness.io platform covering SSCA, CI/CD governance, STO integration, and the practical configuration required to get a production-grade supply chain posture.
Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.
How Jenkins pipelines end up as supply chain attack vectors, covering Groovy sandbox risks, plugin CVEs, credential binding, and practical hardening for Jenkins 2.440+.
A dependency firewall sits between your build system and public registries, filtering packages based on security policies. Here is how to design and implement one.