ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
Best ASPM Tools in 2026: Application Security Posture Management Compared
An honest buyer's guide to the best ASPM tools in 2026 — Apiiro, ArmorCode, Cycode, Snyk AppRisk, OX Security, and Safeguard — with a fair blurb and a best-for line for each, plus how AIBOM and supply chain risk reshape the category.
Why postinstall Scripts Became the Frontline of the Software Supply Chain Attack
Install-time script execution turned npm install and pip install into code-execution events. Here is how 2026's wave of attacks works, and the lockfile, allowlist, and sandbox discipline that actually stops it.
After the Worms: A CI/CD Security Playbook for Developer Credentials in 2026
The 2026 npm and PyPI worms proved that a trusted release pipeline is a credential vault. Here is what IronWorm and Mini Shai-Hulud actually exploited, and how to harden CI/CD before the next one lands.
Best DAST Tools in 2026: Web, API, and CI/CD Scanning Compared
An honest guide to the best DAST tools in 2026 — from OWASP ZAP and Burp Suite to Invicti, StackHawk, and Escape — with clear guidance on which fits web apps, APIs, and CI/CD-native pipelines, and where DAST stops and supply chain security begins.
Best SAST Tools in 2026: Semgrep, CodeQL, Snyk, and the AI Shift Compared
An honest buyer's guide to the best SAST tools in 2026 — from Semgrep and CodeQL to SonarQube, Snyk Code, and Checkmarx — plus how reachability analysis and agentic AI are reshaping static application security testing and where Safeguard fits.
DevOps vs DevSecOps: what actually changes when you add s...
DevOps vs DevSecOps isn't a mindset shift — it's specific new artifacts, gates, and ownership. Here's what changes, contrasted with JFrog's artifact-first model.
Policy-as-code for CI/CD: enforcing security gates withou...
How policy-as-code turns security gates from build-breaking friction into fast, git-versioned CI/CD checks — and where Safeguard's approach differs from JFrog's Xray and Curation model.
Top SAST solutions compared for 2026
Comparing Safeguard and Mend.io on SAST scope, CI/CD fit, and compliance coverage—what's verifiable, what to test yourself, and how a unified platform changes the tradeoffs.
Cheat sheet: 10 Bitbucket security best practices
A concrete, numbers-first cheat sheet covering the 10 Bitbucket security settings that stop misconfigurations from becoming supply chain breaches.
Top 8 DevSecOps best practices
Log4Shell and the xz backdoor show why DevSecOps matters. Eight concrete practices — from reachability triage to auto-fix PRs — teams can implement now.
How to implement DevSecOps in 4 steps
A concrete, 4-step playbook for implementing DevSecOps — pipeline gating, SBOM generation, reachability-based triage, and auto-fix PRs.
DevSecOps automation: principles, frameworks, and tools
A practical breakdown of DevSecOps automation frameworks — principles, standards like NIST SSDF, and the tools that turn shift-left security into a repeatable pipeline.