ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
How to configure OWASP ZAP for automated scanning
A step-by-step guide to configuring OWASP ZAP for automated scanning in CI/CD, from Docker setup through baseline and API scans to pipeline gating.
How to set up software composition analysis (SCA)
A practical, step-by-step guide to setting up software composition analysis: choosing a tool, setting policy, and integrating scans into CI/CD.
How to scan Terraform for misconfigurations with Checkov
A hands-on guide to running Checkov against Terraform, triaging findings, writing custom policies, and blocking IaC misconfigurations before they merge.
The Shai-Hulud npm Supply Chain Attack Explained
How the Shai-Hulud worm turned compromised npm maintainer tokens into a self-replicating supply chain attack, and how to detect and remediate it.
How to secure Jenkins pipelines
A step-by-step guide to secure Jenkins pipelines: hardening the controller, fixing credentials management, RBAC setup, agent isolation, and supply chain verification.
The Codecov Supply Chain Attack Explained
A breakdown of the 2021 Codecov breach: how the Bash Uploader was compromised, what CI secrets were exposed, and the remediation steps teams need now.
What is Artifact Repository Security
Artifact repositories are prime attack targets — one poisoned package reaches every downstream consumer. Here's what actually secures them.
What is a Trust Boundary
A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.
Gradle build script injection and plugin supply chain att...
How attackers hijack Gradle plugins, typosquat the Plugin Portal, and inject code into build.gradle files to run with full CI trust — and how to stop it.
Jira and Docker: Integrating Security Workflows
Jira docker integration for security teams usually means auto-filing tickets from container scan findings — here's how to wire it without flooding the backlog with noise.
How to enable and configure Amazon ECR image scanning for...
A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.
What is a CI/CD Secrets Leak
A CI/CD secrets leak exposes real credentials through build logs, forks, or compromised Actions. Here's how it happens and how to stop it.