Safeguard
Tag

ci-cd

Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.

153 articles

Software Supply Chain Security

Build System Poisoning Techniques: How Attackers Corrupt Your Pipeline

Build systems transform source code into deployable artifacts. When attackers poison the build, every artifact is compromised. Here is how it happens.

Sep 8, 20234 min read
DevSecOps

DevSecOps Toolchain Integration Patterns That Actually Work

Most DevSecOps tool integrations fail because they are bolted on rather than designed in. Here are integration patterns that provide security value without breaking the developer experience.

Aug 18, 20236 min read
How-To Guide

Automated Security Testing in CI/CD Pipelines

A hands-on guide to embedding SAST, SCA, secret scanning, and container analysis into your CI/CD pipeline without making builds unbearably slow.

Jul 22, 20236 min read
DevSecOps

CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk

Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.

Jul 20, 20235 min read
DevSecOps

Environment Variable Injection in CI/CD Pipelines

Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.

May 8, 20234 min read
Application Security

Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right

DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.

Mar 18, 20237 min read
Incident Analysis

CircleCI Credential Rotation: The Mass-Reset Event

CircleCI told every customer to rotate every secret on January 4, 2023. Here is what actually happened and why the scope was total.

Jan 10, 20237 min read
Build Security

Build Reproducibility: A Verification Guide

If you cannot reproduce a build bit-for-bit, you cannot verify it was not tampered with. This guide covers deterministic builds, reproducibility verification, and why it matters for supply chain trust.

Oct 25, 20227 min read
How-To Guide

Setting Up Dependency Scanning on GitHub

A hands-on walkthrough for configuring automated dependency scanning in your GitHub repositories, from Dependabot alerts to custom CI workflows.

Aug 22, 20226 min read
DevSecOps

Securing GitHub Actions: Hardening Your CI/CD Supply Chain

GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.

Aug 15, 20226 min read
DevSecOps

Environment Variable Injection in CI/CD: The Invisible Attack Surface

CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.

Jun 20, 20224 min read
DevSecOps

CI/CD Pipeline Audit Logging: What to Capture and Why

Your CI/CD pipeline is a high-value target. Without proper audit logging, you will not know when it has been compromised until it is too late.

Apr 28, 20226 min read
ci-cd (Page 12) — Safeguard Blog