ci-cd
Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.
153 articles
Ephemeral Environments for Security Testing: A Modern Approach
Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.
Temp File Race Conditions in Build Systems: The TOCTOU Problem
Build systems create and process temporary files constantly. Race conditions in temp file handling can be exploited to inject malicious content into builds.
Azure DevOps Supply Chain Risks: Securing Your Microsoft CI/CD Pipeline
Azure DevOps pipelines present unique supply chain risks from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.
SBOM Automation in CI/CD Pipelines: A Hands-On Guide
Generating SBOMs manually is unsustainable. Here's how to automate SBOM creation, validation, and distribution as part of your existing CI/CD pipeline with practical examples.
GitHub Actions Security: Hidden Supply Chain Risks
GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.
Travis CI Token Leak Retrospective
Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.
DevSecOps Maturity Model: Where Does Your Organization Stand?
Most teams claim they've adopted DevSecOps. Few have actually matured beyond running a scanner in CI. Here's a practical maturity model to figure out where you really are.
Securing CI/CD Pipelines from Supply Chain Attacks
CI/CD pipelines are the new attack surface. From poisoned dependencies to compromised build tools, here's how to lock down your software delivery infrastructure.
Codecov Bash Uploader Compromise: A Retrospective
A single altered line in Codecov's Bash Uploader leaked CI secrets for 69 days across thousands of repos. Here is what actually happened and why.