ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
How Snyk Open Source's PR checks block merges based on se...
A technical look at how Snyk Open Source's PR checks scan pull requests, compare severity to configured thresholds, and gate merges in CI/CD.
How Snyk's CLI test command differs technically from the ...
A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.
How the Snyk CLI's JSON output format supports custom too...
A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.
How snyk-to-html converts CLI scan results into shareable...
A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.
How the Snyk CLI generates SARIF output for GitHub code s...
A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.
How Snyk's GitHub Actions integration scans pull requests...
A mechanical breakdown of how Snyk's GitHub Actions integration scans pull requests: triggers, SARIF uploads, severity thresholds, and what the checks can't see.
How Snyk's GitLab CI/CD template integrates security gate...
A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.
How Snyk integrates with Jenkins to fail builds on new vu...
A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.
How Snyk's Azure Pipelines and Bitbucket Pipelines integr...
Snyk's CLI, Azure Pipelines extension, and Bitbucket pipe handle auth, gating, and reporting differently — here's how each mechanism actually works under the hood.
The Real Trade-Off Between Deployment Speed and Cloud Sec...
Deployment speed and cloud security maturity aren't opposites. Real breaches trace to blind spots, not velocity — here's what the data actually shows engineering leaders.
Why Automated Package Publishing Pipelines Are a Growing ...
From tj-actions to xz utils, attackers are hijacking CI/CD pipelines to poison packages at the source. Here's why publishing pipelines are the new frontline.
Continuous Integration Security: A Checklist
Continuous integration security means treating your CI pipeline as a production system, because an attacker who compromises your CI runner can ship malicious code as easily as your own engineers.