Company
Date Published
Author
Tal Yitzhak
Word count
962
Language
English
Hacker News points
None

Summary

With the rise of software supply chain attacks, securing development environments through DevSecOps practices in air-gapped setups is increasingly critical; such setups separate the internal network from external ones to reduce exposure. An air-gapped solution provides stricter isolation but requires comprehensive measures, such as scanning third-party dependencies for vulnerabilities and license violations using tools like JFrog Xray. The described setup installs Xray both in the internal network and in an external DMZ, so that artifacts are scanned continuously, and uses JFrog CLI to update the internal Xray database with the latest vulnerability intelligence. The process includes applying different policies in the DMZ and the internal environment, using a duplicated staging environment for testing, and managing dependencies through an identity-based solution that tracks each request and its approval. This approach facilitates auditing and scalability, integrates the SecOps team into the workflow, and automates the process for developers, although it demands robust automation and active SecOps involvement.