Safeguard
Tag

ci-cd

Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.

153 articles

Application Security

A vendor-neutral framework for evaluating SAST tools

OWASP's Benchmark suite has run 2,740 fixed Java test cases since 2016, yet most SAST comparisons still amount to a vendor's self-reported false-positive number.

Jul 8, 20266 min read
AI Security

Guardrails for AI Coding Assistants in the SDLC

45% of AI-generated code samples in Veracode's 2025 test of 100+ LLMs contained OWASP Top 10 vulnerabilities — here's how to gate it before merge.

Jul 8, 20266 min read
DevSecOps

Why semantic versioning and release channels matter for security tools

A backdoor sat in xz-utils 5.6.0 and 5.6.1 for weeks before Andres Freund caught it — stable distro channels, not luck, kept it out of most production systems.

Jul 8, 20266 min read
DevSecOps

Reducing Docker image build time without sacrificing security

Multi-stage builds and minimal base images can cut CI build times dramatically — and they're the same changes that shrink your CVE attack surface.

Jul 7, 20266 min read
Guides

DevSecOps for Beginners: Building Security Into How You Ship

DevSecOps sounds like a buzzword, but the idea is refreshingly human: make security a shared, everyday part of building software rather than a gate at the end. Here is a friendly introduction with a first step to try today.

Jul 6, 20266 min read
Tutorials

How to Set Up a Vulnerability Policy Gate

Define a written, version-controlled policy for which vulnerabilities block a release, enforce it consistently across CLI and CI, and manage time-boxed exceptions without an allowlist that lives forever.

Jul 6, 20265 min read
FAQ

Automated Pull Request Fixes FAQ: How Fix PRs Are Built, Tested, and Merged

What an automated fix pull request contains, how CI validates it, how auto-merge gating works, and which SCM platforms and review workflows are supported.

Jul 5, 20265 min read
Security Guides

The Risks of Secrets in Environment Variables (2026)

Environment variables feel like the safe place to put secrets — but they leak through crash dumps, child processes, CI logs, and container layers. Here is where env-var secrets escape and what to do instead.

Jul 5, 20266 min read
Concepts

What Is Shift-Left Security? A Plain-English Explanation

Shift-left security means moving security checks earlier in development — into the IDE, the commit, and the pull request — so flaws are caught while they're cheap to fix. Here's what it actually means and how to do it without slowing teams down.

Jul 5, 20267 min read
Security Guides

.NET Dependency Vulnerability Scanning: A Practical Guide

How to scan .NET dependencies for known vulnerabilities using dotnet list package, NuGet audit, and reachability-aware SCA, and how to wire it into CI so nothing ships with a known critical.

Jul 4, 20265 min read
FAQ

Shift-Left Security FAQ: 2026 Explained

Common questions about shift-left security answered for 2026 — what it means, why earlier is cheaper, how it works in practice, and how to avoid overwhelming developers.

Jul 4, 20265 min read
FAQ

DevSecOps FAQ: Practical Answers for 2026

Straight answers to common DevSecOps questions in 2026 — what it means, how it differs from DevOps, where security fits in CI/CD, and how to avoid slowing developers down.

Jul 3, 20265 min read
ci-cd (Page 2) — Safeguard Blog