Safeguard
Tag

ci-cd-security

Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.

186 articles

Incident Analysis

Dropbox 2022: The Supply Chain Angle

Dropbox's 2022 GitHub phishing incident began with a developer-targeted CircleCI lookalike campaign; the supply chain lessons centered on CI tokens and code.

Jul 18, 20246 min read
DevSecOps

DevSecOps Meaning: Definition, Model, and How It Differs From SecDevOps

DevSecOps means making security a shared, automated responsibility inside the DevOps loop. Here is the working definition, the operating model, and why the SecDevOps naming debate mostly misses the point.

Jun 11, 20246 min read
DevSecOps

DevSecOps Definition: How It Differs From DevOps and SecOps Alone

The devsecops definition that actually matters isn't a new tool category — it's making security a shared responsibility across the pipeline instead of a gate at the end.

May 13, 20245 min read
Concepts

What is Egress Filtering in CI

Egress filtering in CI restricts where build jobs can send traffic, so a compromised dependency can't exfiltrate your secrets. Here's how to roll it out without breaking builds.

May 8, 20247 min read
DevSecOps

What Is DevSecOps? Explained in Plain Terms

A plain-terms answer to devsecops o que e, the Portuguese-language version of 'what is DevSecOps,' with the same explanation that applies regardless of what language you searched in.

May 8, 20245 min read
Engineering

SLSA Level 3 in Practice: What It Takes

SLSA Build L3 is achievable in a week per repo if you use a hosted builder — and nearly impossible if you insist on rolling your own. Here is the practical path.

Apr 19, 20246 min read
Compliance

ISO 27001 Annex A Controls That Touch Your Build Pipeline

ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.

Mar 20, 20246 min read
DevSecOps

Travis CI Security Best Practices

Security hardening for Travis CI pipelines covering secret management, build isolation, and migration considerations for teams still on the platform.

Nov 12, 20236 min read
DevSecOps

Dagger CI/CD Security Benefits

How Dagger's containerized pipeline model improves CI/CD security with hermetic builds, portability, and reduced platform dependency.

Oct 28, 20236 min read
Vulnerability Analysis

JetBrains TeamCity CVE-2023-42793: When Your Build Server Becomes the Attack Vector

A critical authentication bypass in TeamCity allowed unauthenticated attackers to gain admin access to CI/CD servers. State-sponsored groups exploited it to compromise software supply chains.

Oct 3, 20236 min read
DevSecOps

CircleCI Security Configuration Guide

Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.

Jul 8, 20235 min read
DevSecOps

Harness CI/CD Security Features

Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.

Jun 28, 20235 min read
ci-cd-security (Page 15) — Safeguard Blog