ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
CircleCI Security Incident January 2023: What Happened and What We Learned
CircleCI's January 2023 breach exposed secrets for thousands of organizations. Here's how the attack unfolded and what it means for CI/CD security.
Penetration Testing the Software Supply Chain
Traditional pentests focus on the application. Supply chain pentesting targets the build pipeline, dependency resolution, and distribution mechanisms. Here is how to approach it.
Jenkins Pipeline Security Hardening
How to lock down Jenkins pipelines against credential theft, script injection, and unauthorized access with practical hardening steps.
Tekton Pipeline Security Guide
Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.
GitHub Actions Security Best Practices in 2022
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.
Codecov Bash Uploader Compromise: A Supply Chain Attack on CI/CD
Attackers modified Codecov's bash uploader script to steal environment variables from CI pipelines. Thousands of repositories were exposed for two months.