Safeguard
Tag

ci-cd-security

Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.

186 articles

Application Security

How to configure OWASP ZAP for automated scanning

A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.

Feb 15, 20268 min read
Open Source Security

How to set up software composition analysis (SCA)

A practical, step-by-step guide to setting up software composition analysis: choosing a tool, setting policy, and integrating scans into CI/CD.

Feb 15, 20267 min read
Infrastructure Security

How to scan Terraform for misconfigurations with Checkov

A hands-on guide to running Checkov against Terraform, triaging findings, writing custom policies, and blocking IaC misconfigurations before they merge.

Feb 13, 20269 min read
Vulnerability Analysis

The Shai-Hulud npm Supply Chain Attack Explained

How the Shai-Hulud worm turned compromised npm maintainer tokens into a self-replicating supply chain attack, and how to detect and remediate it.

Feb 11, 20268 min read
DevSecOps

How to secure Jenkins pipelines

A step-by-step guide to secure Jenkins pipelines: hardening the controller, fixing credentials management, RBAC setup, agent isolation, and supply chain verification.

Feb 10, 20268 min read
Vulnerability Analysis

The Codecov Supply Chain Attack Explained

A breakdown of the 2021 Codecov breach: how the Bash Uploader was compromised, what CI secrets were exposed, and the remediation steps teams need now.

Feb 10, 20268 min read
Software Supply Chain Security

What is Artifact Repository Security

Artifact repositories are prime attack targets — one poisoned package reaches every downstream consumer. Here's what actually secures them.

Feb 3, 20267 min read
Best Practices

What is a Trust Boundary

A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.

Feb 3, 20266 min read
Supply Chain Attacks

Gradle build script injection and plugin supply chain att...

How attackers hijack Gradle plugins, typosquat the Plugin Portal, and inject code into build.gradle files to run with full CI trust — and how to stop it.

Jan 29, 20268 min read
DevSecOps

Jira and Docker: Integrating Security Workflows

Jira docker integration for security teams usually means auto-filing tickets from container scan findings — here's how to wire it without flooding the backlog with noise.

Jan 28, 20265 min read
Container Security

How to enable and configure Amazon ECR image scanning for...

A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.

Jan 21, 20267 min read
DevSecOps

What is a CI/CD Secrets Leak

A CI/CD secrets leak exposes real credentials through build logs, forks, or compromised Actions. Here's how it happens and how to stop it.

Jan 20, 20267 min read
ci-cd-security (Page 10) — Safeguard Blog