ci-cd
Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.
153 articles
Buildkite Supply Chain Hardening
A practical hardening guide for Buildkite: agent isolation, pipeline upload security, plugin risks, and the agent-token rotation strategy that keeps the trust model intact.
Docker Hub Rate Limit Changes and CI Impact
Docker's 2024 rate-limit reforms hit CI pipelines hard. Measured impact on 30 real build farms and the mirror and pull-through controls that fixed it.
SLSA Builder Requirements in Production
The SLSA specification sets explicit requirements for builders at each level. Here is what those requirements actually mean when you operate a builder in production.
SecDevOps vs DevSecOps: Is There Actually a Difference?
The SecDevOps definition and the DevSecOps definition describe nearly identical practices, but the word order isn't purely cosmetic, it signals a real difference in where security sits in the pipeline.
Drone CI Security Considerations
A security-focused look at Drone CI: runner isolation, secret handling, plugin risks, and the differences between Drone OSS, Enterprise, and the Harness transition.
bundler-audit Production Setup
A practical guide to running bundler-audit in production CI pipelines, including advisory database updates, exception handling, and integration with remediation workflows.
AWS CodePipeline Hardening Patterns
CodePipeline is the glue between your source, build, and deploy. It is also the thing that gets the widest IAM role in most AWS accounts. Here is how to harden it without rewriting your pipelines.
Gradle Build Cache Security Hardening
The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.
Safeguard CLI: Supply Chain Security Without Leaving Your Terminal
The Safeguard CLI brings SBOM generation, vulnerability scanning, policy checks, and supply chain queries directly into your development workflow.
Harness.io Supply Chain Security Reviewed
A security review of the Harness.io platform covering SSCA, CI/CD governance, STO integration, and the practical configuration required to get a production-grade supply chain posture.
SOX IT Controls Meet Software Controls
Sarbanes-Oxley IT general controls predate modern software delivery. Here's how change management, access, and segregation of duties controls actually look when applied to CI/CD pipelines and software components.
AWS CodeBuild Supply Chain Hardening Guide
CodeBuild projects are where most AWS supply chain compromises end up executing. Here is a practical hardening guide built from years of incident response, with specific buildspec controls and IAM patterns.