ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
Building a security-conscious CI/CD pipeline
CI/CD pipelines are now the top supply chain target. Here's how to build one with real controls—secrets, scoping, SBOMs, and provenance.
8 tips for securing your CI/CD pipeline
Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.
Building a secure CI/CD pipeline with GitHub Actions
The tj-actions breach exposed secrets in 23,000 repos. Here's how pwn requests, unpinned tags, and self-hosted runners put your CI/CD at risk.
Securing self-hosted GitHub Actions runners
Self-hosted GitHub Actions runners trade GitHub's ephemeral isolation for persistent infrastructure access — here's how real incidents like CVE-2025-30066 exploited that gap.
Shifting security left: what it really means for teams
Shift left security means catching vulnerabilities at commit time, not audit time. Here's what that requires in practice, with real CVEs and numbers.
CI/CD pipeline dependency security integration coverage
How does Safeguard's pipeline-native dependency security compare to Socket.dev's PR-comment model? A concrete look at coverage, enforcement, and deployment options.
Aikido Security alternatives: top picks compared
A side-by-side look at Aikido Security alternatives, comparing Safeguard's supply chain security scope, SBOM depth, and CI/CD fit.
Why EDR and proxy tools won't stop supply chain malware
EDR and network proxies were built to watch endpoints and traffic, not evaluate what a dependency does before it runs — here's why that gap keeps letting supply chain malware through.
Secrets detection: how it works and why it matters
How secrets detection tools catch leaked keys before attackers do, why breaches like Toyota's still happen, and how Safeguard compares to Aikido Security.
PulseMeter report: software supply chain risk perceptions
Safeguard's latest PulseMeter survey finds 71% of teams hit a supply chain incident this year, but only 34% feel confident they'd catch one in time.
Developer infrastructure posture: integrating ASPM early
Prisma Cloud built ASPM outward from the cloud. Real breaches like tj-actions and SolarWinds start earlier, in developer infrastructure that needs its own continuous posture model.
DevOps vs DevSecOps
DevOps ships code fast; DevSecOps ships it safely. Here's the concrete difference, backed by real breach data, costs, and pipeline mechanics.