Safeguard
Tag

ci-cd-security

Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.

186 articles

DevSecOps

Integrating Security Into the DevSecOps Toolchain

Integrating security into the DevSecOps toolchain works when scanning is wired into the tools engineers already use, not bolted on as a separate gate at the end.

Apr 2, 20265 min read
Software Supply Chain Security

Software supply chain security: threat vectors & solutions

Real incidents, real numbers: how modern software supply chain threat vectors work, why SBOMs alone don't stop them, and what actually closes the gap.

Apr 2, 20268 min read
AI Security

Prompt Injection in CI/CD Pipelines: Attack Paths and Defenses

When LLMs review PRs, triage issues, and fix builds, every commit message becomes attacker input. The concrete attack paths through GitHub Actions and what blocks them.

Mar 26, 20266 min read
DevSecOps

What is DevSecOps? (principles, workflow, tooling)

DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.

Mar 26, 20267 min read
AppSec

Application Security Automation: What to Automate First

Automation pays off in a strict order: dependencies, secrets, static analysis, then dynamic testing. Here is the sequence, why it works, and what should stay manual.

Mar 24, 20266 min read
AppSec

Security Testing Automation: What to Automate, and What Not To

Security testing automation pays off fastest on repetitive, well-defined checks — here's a clear line between what to automate and what still needs a human.

Mar 22, 20265 min read
Container Security

3 Steps to Secure Container Images

A stock base image ships 180+ unused packages. Learn the 3 steps to secure container images: minimize, prioritize by reachability, and enforce.

Mar 21, 20267 min read
DevSecOps

DevSecOps Integration: Wiring Security Into Pipelines You Already Have

You do not need a new pipeline — you need to instrument the one you have. A stage-by-stage map for DevSecOps integration in Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.

Mar 19, 20266 min read
Guides

How to Rotate Leaked CI Secrets Without Downtime

A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.

Mar 13, 20266 min read
Infrastructure Security

What is Policy as Code

Policy as code turns security and compliance rules into version-controlled, testable code enforced automatically in CI/CD, admission control, and runtime.

Mar 12, 20268 min read
Infrastructure Security

What is GitOps Security

GitOps turns your Git repo into the source of truth for production, so one bad commit or stolen credential can mean a full cluster takeover.

Mar 11, 20267 min read
DevSecOps

What is CI/CD Pipeline Security

CI/CD pipeline security explained: how SolarWinds, Codecov, CircleCI, and tj-actions were breached, and concrete steps to lock down your build pipeline.

Mar 8, 20266 min read
ci-cd-security (Page 8) — Safeguard Blog