Safeguard
Tag

ci-cd

Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.

153 articles

DevSecOps

Ephemeral Environments for Security Testing: A Modern Approach

Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.

Apr 25, 20225 min read
DevSecOps

Temp File Race Conditions in Build Systems: The TOCTOU Problem

Build systems create and process temporary files constantly. Race conditions in temp file handling can be exploited to inject malicious content into builds.

Apr 15, 20225 min read
Supply Chain Security

Azure DevOps Supply Chain Risks: Securing Your Microsoft CI/CD Pipeline

Azure DevOps pipelines present unique supply chain risks from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.

Apr 15, 20226 min read
DevSecOps

SBOM Automation in CI/CD Pipelines: A Hands-On Guide

Generating SBOMs manually is unsustainable. Here's how to automate SBOM creation, validation, and distribution as part of your existing CI/CD pipeline with practical examples.

Apr 8, 20225 min read
DevSecOps

GitHub Actions Security: Hidden Supply Chain Risks

GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.

Sep 25, 20215 min read
Incident Analysis

Travis CI Token Leak Retrospective

Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.

Sep 20, 20216 min read
DevSecOps

DevSecOps Maturity Model: Where Does Your Organization Stand?

Most teams claim they've adopted DevSecOps. Few have actually matured beyond running a scanner in CI. Here's a practical maturity model to figure out where you really are.

Aug 28, 20218 min read
DevSecOps

Securing CI/CD Pipelines from Supply Chain Attacks

CI/CD pipelines are the new attack surface. From poisoned dependencies to compromised build tools, here's how to lock down your software delivery infrastructure.

Aug 20, 20216 min read
Incident Analysis

Codecov Bash Uploader Compromise: A Retrospective

A single altered line in Codecov's Bash Uploader leaked CI secrets for 69 days across thousands of repos. Here is what actually happened and why.

Apr 15, 20216 min read
ci-cd (Page 13) — Safeguard Blog