Safeguard
Tag

ci-cd-security

Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.

186 articles

Open Source Security

How Snyk Open Source's PR checks block merges based on se...

A technical look at how Snyk Open Source's PR checks scan pull requests, compare severity to configured thresholds, and gate merges in CI/CD.

Aug 27, 20257 min read
Open Source Security

How Snyk's CLI test command differs technically from the ...

A technical breakdown of how Snyk's snyk test and snyk monitor commands differ mechanically — exit codes, dependency snapshots, and continuous vulnerability tracking.

Aug 22, 20257 min read
Industry Analysis

How the Snyk CLI's JSON output format supports custom too...

A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.

Aug 17, 20257 min read
Industry Analysis

How snyk-to-html converts CLI scan results into shareable...

A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.

Aug 17, 20258 min read
Product

How the Snyk CLI generates SARIF output for GitHub code s...

A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.

Aug 16, 20257 min read
Product

How Snyk's GitHub Actions integration scans pull requests...

A mechanical breakdown of how Snyk's GitHub Actions integration scans pull requests: triggers, SARIF uploads, severity thresholds, and what the checks can't see.

Aug 16, 20257 min read
DevSecOps

How Snyk's GitLab CI/CD template integrates security gate...

A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.

Aug 16, 20257 min read
Product

How Snyk integrates with Jenkins to fail builds on new vu...

A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.

Aug 16, 20257 min read
DevSecOps

How Snyk's Azure Pipelines and Bitbucket Pipelines integr...

Snyk's CLI, Azure Pipelines extension, and Bitbucket pipe handle auth, gating, and reporting differently — here's how each mechanism actually works under the hood.

Aug 15, 20257 min read
Container Security

The Real Trade-Off Between Deployment Speed and Cloud Sec...

Deployment speed and cloud security maturity aren't opposites. Real breaches trace to blind spots, not velocity — here's what the data actually shows engineering leaders.

Aug 5, 20258 min read
DevSecOps

Why Automated Package Publishing Pipelines Are a Growing ...

From tj-actions to xz utils, attackers are hijacking CI/CD pipelines to poison packages at the source. Here's why publishing pipelines are the new frontline.

Jul 30, 20257 min read
DevSecOps

Continuous Integration Security: A Checklist

Continuous integration security means treating your CI pipeline as a production system, because an attacker who compromises your CI runner can ship malicious code as easily as your own engineers.

Jul 30, 20256 min read
ci-cd-security (Page 13) — Safeguard Blog