ci
Safeguard articles tagged "ci" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Netlify Build Plugins as arbitrary code execution at build time in 2026
The @netlify/plugin-* ecosystem runs in your build with full filesystem and network access. Here is how to evaluate, allowlist, and gate it in 2026.
How to Add Reachability Analysis to PR Checks
Run reachability analysis on every pull request to slash vulnerability false positives by 70%+, gate merges on exploitable findings, and keep devs focused.
How to Validate SLSA Provenance in CI
Generate and validate SLSA v1.0 provenance attestations in GitHub Actions using slsa-verifier, gate releases on builder identity, and prove build integrity.
How to Measure Dependency Freshness in CI
A practical CI tutorial for measuring dependency freshness, setting SLOs for version drift, and failing builds when packages fall too far behind upstream.
How to Pin GitHub Actions to SHAs Correctly
A hands-on guide to pinning every third-party GitHub Action to a full commit SHA, automating updates with Dependabot, and avoiding the common pitfalls.