build-security
Safeguard articles tagged "build-security" — guides, analysis, and best practices for software supply chain and application security.
31 articles
VPN Security for Remote Development Teams: Beyond the Basics
Remote development teams depend on VPNs, but misconfigured VPNs create supply chain risks. Split tunneling, credential management, and endpoint security all affect build pipeline integrity.
Makefile Injection Attacks: When Build Automation Becomes a Weapon
Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.
Build Reproducibility: A Verification Guide
If you cannot reproduce a build bit-for-bit, you cannot verify it was not tampered with. This guide covers deterministic builds, reproducibility verification, and why it matters for supply chain trust.
Environment Variable Injection in CI/CD: The Invisible Attack Surface
CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.
Software-Defined Perimeters for Supply Chain Security
Software-Defined Perimeters can isolate build systems, artifact repositories, and deployment pipelines from unauthorized access. Here is how SDP applies to supply chain security.
Temp File Race Conditions in Build Systems: The TOCTOU Problem
Build systems create and process temporary files constantly. Race conditions in temp file handling can be exploited to inject malicious content into builds.
SolarWinds Lessons Two Years On: What Actually Changed
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?