ci-cd-security
Safeguard articles tagged "ci-cd-security" — guides, analysis, and best practices for software supply chain and application security.
186 articles
What is Continuous Security
Continuous security scans code, dependencies, containers, and infra on every commit — not once a quarter. Here's how it works and why it replaced periodic audits.
What is Shift Left Testing
Shift left testing moves security checks from a pre-release gate into commit, PR, and build time. Here's how it works, what it costs to skip, and its pitfalls.
What is Security as Code
Security as code turns policies and controls into version-controlled, pipeline-enforced rules. Here's what it looks like, why it matters, and how to adopt it.
What is CI/CD Pipeline Poisoning
CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.
What is Code Signing
Code signing proves who published software and that it wasn't tampered with — but SolarWinds, CCleaner, and 3CX show signed doesn't mean safe.
What is the SLSA Framework
SLSA defines four build integrity levels to stop supply chain tampering. Learn what each level requires, who's adopting it, and its real limits.
DevSecOps Consulting: When It's Actually Worth Hiring Out
A practical test for when DevSecOps consulting pays for itself versus when it just delays building internal capability, with the questions to ask before signing a statement of work.
Build provenance
What is build provenance and why does it matter? A practical guide to SLSA attestations, provenance predicates, and verification pipelines for software supply chains.
TOCTOU (Time-of-check to time-of-use)
TOCTOU flaws let attackers swap a file or resource after it's validated but before it's used, turning a safe check into an exploitable race.
How to set up SAST scanning in a GitHub Actions pipeline
A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.
How to configure GitHub branch protection rules
A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.
How to implement software supply chain security with SLSA
A step-by-step guide to implement SLSA supply chain security: map risk, generate signed provenance, and enforce verification before deploy.