ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
Integrating Security Into the DevSecOps Toolchain
Integrating security into the DevSecOps toolchain works when scanning is wired into the tools engineers already use, not bolted on as a separate gate at the end.
Software supply chain security: threat vectors & solutions
Real incidents, real numbers: how modern software supply chain threat vectors work, why SBOMs alone don't stop them, and what actually closes the gap.
Prompt Injection in CI/CD Pipelines: Attack Paths and Defenses
When LLMs review PRs, triage issues, and fix builds, every commit message becomes attacker input. The concrete attack paths through GitHub Actions and what blocks them.
What is DevSecOps? (principles, workflow, tooling)
DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.
Application Security Automation: What to Automate First
Automation pays off in a strict order: dependencies, secrets, static analysis, then dynamic testing. Here is the sequence, why it works, and what should stay manual.
Security Testing Automation: What to Automate, and What Not To
Security testing automation pays off fastest on repetitive, well-defined checks — here's a clear line between what to automate and what still needs a human.
3 Steps to Secure Container Images
A stock base image ships 180+ unused packages. Learn the 3 steps to secure container images: minimize, prioritize by reachability, and enforce.
DevSecOps Integration: Wiring Security Into Pipelines You Already Have
You do not need a new pipeline — you need to instrument the one you have. A stage-by-stage map for DevSecOps integration in Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.
How to Rotate Leaked CI Secrets Without Downtime
A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.
What is Policy as Code
Policy as code turns security and compliance rules into version-controlled, testable code enforced automatically in CI/CD, admission control, and runtime.
What is GitOps Security
GitOps turns your Git repo into the source of truth for production, so one bad commit or stolen credential can mean a full cluster takeover.
What is CI/CD Pipeline Security
CI/CD pipeline security explained: how SolarWinds, Codecov, CircleCI, and tj-actions were breached, and concrete steps to lock down your build pipeline.