Safeguard
Tag

ci-cd-security

Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.

186 articles

DevSecOps

Building a security-conscious CI/CD pipeline

CI/CD pipelines are now the top supply chain target. Here's how to build one with real controls—secrets, scoping, SBOMs, and provenance.

May 18, 20266 min read
DevSecOps

8 tips for securing your CI/CD pipeline

Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.

May 18, 20266 min read
DevSecOps

Building a secure CI/CD pipeline with GitHub Actions

The tj-actions breach exposed secrets in 23,000 repos. Here's how pwn requests, unpinned tags, and self-hosted runners put your CI/CD at risk.

May 18, 20267 min read
DevSecOps

Securing self-hosted GitHub Actions runners

Self-hosted GitHub Actions runners trade GitHub's ephemeral isolation for persistent infrastructure access — here's how real incidents like CVE-2025-30066 exploited that gap.

May 17, 20267 min read
DevSecOps

Shifting security left: what it really means for teams

Shift left security means catching vulnerabilities at commit time, not audit time. Here's what that requires in practice, with real CVEs and numbers.

May 15, 20266 min read
Product

CI/CD pipeline dependency security integration coverage

How does Safeguard's pipeline-native dependency security compare to Socket.dev's PR-comment model? A concrete look at coverage, enforcement, and deployment options.

May 13, 20267 min read
Buyer's Guides

Aikido Security alternatives: top picks compared

A side-by-side look at Aikido Security alternatives, comparing Safeguard's supply chain security scope, SBOM depth, and CI/CD fit.

May 7, 20267 min read
Best Practices

Why EDR and proxy tools won't stop supply chain malware

EDR and network proxies were built to watch endpoints and traffic, not evaluate what a dependency does before it runs — here's why that gap keeps letting supply chain malware through.

May 3, 20268 min read
Industry Analysis

Secrets detection: how it works and why it matters

How secrets detection tools catch leaked keys before attackers do, why breaches like Toyota's still happen, and how Safeguard compares to Aikido Security.

May 1, 20268 min read
Software Supply Chain Security

PulseMeter report: software supply chain risk perceptions

Safeguard's latest PulseMeter survey finds 71% of teams hit a supply chain incident this year, but only 34% feel confident they'd catch one in time.

Apr 25, 20267 min read
DevSecOps

Developer infrastructure posture: integrating ASPM early

Prisma Cloud built ASPM outward from the cloud. Real breaches like tj-actions and SolarWinds start earlier, in developer infrastructure that needs its own continuous posture model.

Apr 10, 20267 min read
DevSecOps

DevOps vs DevSecOps

DevOps ships code fast; DevSecOps ships it safely. Here's the concrete difference, backed by real breach data, costs, and pipeline mechanics.

Apr 6, 20267 min read
ci-cd-security (Page 7) — Safeguard Blog