GitHub Actions Security Best Practices in 2022
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
GitHub Codespaces has gone GA and is about to become the dev environment standard. Here is a close read of its security model — including what it does not solve.
CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.
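As an added illustration for the two CI pieces above (the GitHub Actions hardening guide and the post on environment-variable injection), here is a workflow written for this page rather than taken from either article. For each of the three risks the guide names it puts the weak pattern in a comment beside its hardened form: mutable action tags (supply chain), untrusted event data and secrets interpolated into `run:` (injection and secret leaks), and a write-everything default token (privilege escalation). The all-zero SHAs, the `DEPLOY_TOKEN` secret name, `deploy.sh`, the Node.js build and the OIDC publish job are placeholders and assumptions, not something either article specifies.

```yaml
# Added example (not from the Safeguard articles): one GitHub Actions workflow
# with the weak pattern shown in comments beside the hardened form.
# Assumptions: a Node.js project built with `npm ci` / `npm test`; the
# all-zero SHAs are placeholders for the real commit of the action version
# you audited; DEPLOY_TOKEN and deploy.sh are invented names.
name: ci

on:
  push:
    branches: [main]
  pull_request:          # not pull_request_target: that event runs with a
                         # write token and secrets against untrusted fork code

# Privilege escalation: the workflow-level token is read-only; jobs opt in.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Supply chain: pin to a full commit SHA. A tag such as @v4 is mutable
      # and can be repointed if the action's repository is compromised.
      # WEAK:  - uses: actions/checkout@v4
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4.x, placeholder SHA
        with:
          persist-credentials: false   # don't leave GITHUB_TOKEN in .git/config for later steps

      - uses: actions/setup-node@0000000000000000000000000000000000000000 # placeholder SHA
        with:
          node-version: 20

      # Injection via untrusted input: ${{ }} expressions are expanded into the
      # shell script before it runs, so a PR title containing a quote and a
      # semicolon becomes extra commands. Pass event data through env and
      # quote the variable instead; the shell then treats it as data.
      # WEAK:  run: echo "Testing PR: ${{ github.event.pull_request.title }}"
      - name: Announce PR
        if: github.event_name == 'pull_request'
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Testing PR: $PR_TITLE"

      - run: npm ci
      - run: npm test

  publish:
    needs: test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # Grant only what this job needs, only here (assumed: OIDC federation to a
    # cloud provider, so no long-lived cloud credential is stored in the repo).
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # placeholder SHA
        with:
          persist-credentials: false
      # Secret leaks: scope a secret to the single step that needs it and never
      # put it on a command line, where it lands in logs and process listings.
      # WEAK:  run: ./deploy.sh --token ${{ secrets.DEPLOY_TOKEN }}
      - name: Deploy
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}   # assumed secret name
        run: ./deploy.sh   # assumed script; reads DEPLOY_TOKEN from the environment
```

Replace each placeholder SHA with the commit behind the release tag you reviewed (the tag to commit mapping is visible on the action's releases page), and keep the version in the trailing comment so tooling and reviewers can still tell which release is pinned.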
ESLint can catch security issues before they reach production. Here is how to configure security-focused rules that actually help without drowning you in noise.
Hardening Flux CD deployments with multi-tenancy, RBAC, secret encryption, and image verification for secure GitOps workflows.
Software provenance answers the question: where did this code come from, who built it, and can I trust it? In 2022, provenance tracking moved from academic concept to practical necessity.
Understanding the security risks of feature flag systems and how to prevent unauthorized flag manipulation, data exposure, and configuration drift.
Your CI/CD pipeline is a high-value target. Without proper audit logging, you will not know when it has been compromised until it is too late.
Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.