ci-cd
Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.
153 articles
Build System Poisoning Techniques: How Attackers Corrupt Your Pipeline
Build systems transform source code into deployable artifacts. When attackers poison the build, every artifact is compromised. Here is how it happens.
DevSecOps Toolchain Integration Patterns That Actually Work
Most DevSecOps tool integrations fail because they are bolted on rather than designed in. Here are integration patterns that provide security value without breaking the developer experience.
Automated Security Testing in CI/CD Pipelines
A hands-on guide to embedding SAST, SCA, secret scanning, and container analysis into your CI/CD pipeline without making builds unbearably slow.
CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk
Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.
Environment Variable Injection in CI/CD Pipelines
Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.
Dynamic Application Security Testing: A Practitioner's Guide to DAST Done Right
DAST finds what source code analysis cannot. Here is how to set it up, tune it, and actually get value from it in a modern CI/CD pipeline.
CircleCI Credential Rotation: The Mass-Reset Event
CircleCI told every customer to rotate every secret on January 4, 2023. Here is what actually happened and why the scope was total.
Build Reproducibility: A Verification Guide
If you cannot reproduce a build bit-for-bit, you cannot verify it was not tampered with. This guide covers deterministic builds, reproducibility verification, and why it matters for supply chain trust.
Setting Up Dependency Scanning on GitHub
A hands-on walkthrough for configuring automated dependency scanning in your GitHub repositories, from Dependabot alerts to custom CI workflows.
Securing GitHub Actions: Hardening Your CI/CD Supply Chain
GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.
Environment Variable Injection in CI/CD: The Invisible Attack Surface
CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.
CI/CD Pipeline Audit Logging: What to Capture and Why
Your CI/CD pipeline is a high-value target. Without proper audit logging, you will not know when it has been compromised until it is too late.