ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
Dropbox 2022: The Supply Chain Angle
Dropbox's 2022 GitHub phishing incident began with a developer-targeted CircleCI lookalike campaign; the supply chain lessons centered on CI tokens and code.
DevSecOps Meaning: Definition, Model, and How It Differs From SecDevOps
DevSecOps means making security a shared, automated responsibility inside the DevOps loop. Here is the working definition, the operating model, and why the SecDevOps naming debate mostly misses the point.
DevSecOps Definition: How It Differs From DevOps and SecOps Alone
The devsecops definition that actually matters isn't a new tool category — it's making security a shared responsibility across the pipeline instead of a gate at the end.
What is Egress Filtering in CI
Egress filtering in CI restricts where build jobs can send traffic, so a compromised dependency can't exfiltrate your secrets. Here's how to roll it out without breaking builds.
What Is DevSecOps? Explained in Plain Terms
A plain-terms answer to devsecops o que e, the Portuguese-language version of 'what is DevSecOps,' with the same explanation that applies regardless of what language you searched in.
SLSA Level 3 in Practice: What It Takes
SLSA Build L3 is achievable in a week per repo if you use a hosted builder — and nearly impossible if you insist on rolling your own. Here is the practical path.
ISO 27001 Annex A Controls That Touch Your Build Pipeline
ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.
Travis CI Security Best Practices
Security hardening for Travis CI pipelines covering secret management, build isolation, and migration considerations for teams still on the platform.
Dagger CI/CD Security Benefits
How Dagger's containerized pipeline model improves CI/CD security with hermetic builds, portability, and reduced platform dependency.
JetBrains TeamCity CVE-2023-42793: When Your Build Server Becomes the Attack Vector
A critical authentication bypass in TeamCity allowed unauthenticated attackers to gain admin access to CI/CD servers. State-sponsored groups exploited it to compromise software supply chains.
CircleCI Security Configuration Guide
Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.
Harness CI/CD Security Features
Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.