Safeguard
Tag

ci-cd-security

Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.

186 articles

DevSecOps

What is Continuous Security

Continuous security scans code, dependencies, containers, and infra on every commit — not once a quarter. Here's how it works and why it replaced periodic audits.

Mar 8, 20266 min read
DevSecOps

What is Shift Left Testing

Shift left testing moves security checks from a pre-release gate into commit, PR, and build time. Here's how it works, what it costs to skip, and its pitfalls.

Mar 7, 20267 min read
DevSecOps

What is Security as Code

Security as code turns policies and controls into version-controlled, pipeline-enforced rules. Here's what it looks like, why it matters, and how to adopt it.

Mar 7, 20267 min read
DevSecOps

What is CI/CD Pipeline Poisoning

CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.

Mar 7, 20267 min read
DevSecOps

What is Code Signing

Code signing proves who published software and that it wasn't tampered with — but SolarWinds, CCleaner, and 3CX show signed doesn't mean safe.

Mar 6, 20266 min read
Software Supply Chain Security

What is the SLSA Framework

SLSA defines four build integrity levels to stop supply chain tampering. Learn what each level requires, who's adopting it, and its real limits.

Mar 6, 20266 min read
DevSecOps

DevSecOps Consulting: When It's Actually Worth Hiring Out

A practical test for when DevSecOps consulting pays for itself versus when it just delays building internal capability, with the questions to ask before signing a statement of work.

Mar 5, 20265 min read
Software Supply Chain Security

Build provenance

What is build provenance and why does it matter? A practical guide to SLSA attestations, provenance predicates, and verification pipelines for software supply chains.

Mar 3, 20267 min read
Industry Analysis

TOCTOU (Time-of-check to time-of-use)

TOCTOU flaws let attackers swap a file or resource after it's validated but before it's used, turning a safe check into an exploitable race.

Feb 28, 20267 min read
DevSecOps

How to set up SAST scanning in a GitHub Actions pipeline

A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.

Feb 18, 20267 min read
Software Supply Chain Security

How to configure GitHub branch protection rules

A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.

Feb 18, 20268 min read
Software Supply Chain Security

How to implement software supply chain security with SLSA

A step-by-step guide to implement SLSA supply chain security: map risk, generate signed provenance, and enforce verification before deploy.

Feb 17, 20268 min read
ci-cd-security (Page 9) — Safeguard Blog