ci-cd
Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.
153 articles
A vendor-neutral framework for evaluating SAST tools
OWASP's Benchmark suite has run 2,740 fixed Java test cases since 2016, yet most SAST comparisons still amount to a vendor's self-reported false-positive number.
Guardrails for AI Coding Assistants in the SDLC
45% of AI-generated code samples in Veracode's 2025 test of 100+ LLMs contained OWASP Top 10 vulnerabilities — here's how to gate it before merge.
Why semantic versioning and release channels matter for security tools
A backdoor sat in xz-utils 5.6.0 and 5.6.1 for weeks before Andres Freund caught it — stable distro channels, not luck, kept it out of most production systems.
Reducing Docker image build time without sacrificing security
Multi-stage builds and minimal base images can cut CI build times dramatically — and they're the same changes that shrink your CVE attack surface.
DevSecOps for Beginners: Building Security Into How You Ship
DevSecOps sounds like a buzzword, but the idea is refreshingly human: make security a shared, everyday part of building software rather than a gate at the end. Here is a friendly introduction with a first step to try today.
How to Set Up a Vulnerability Policy Gate
Define a written, version-controlled policy for which vulnerabilities block a release, enforce it consistently across CLI and CI, and manage time-boxed exceptions without an allowlist that lives forever.
Automated Pull Request Fixes FAQ: How Fix PRs Are Built, Tested, and Merged
What an automated fix pull request contains, how CI validates it, how auto-merge gating works, and which SCM platforms and review workflows are supported.
The Risks of Secrets in Environment Variables (2026)
Environment variables feel like the safe place to put secrets — but they leak through crash dumps, child processes, CI logs, and container layers. Here is where env-var secrets escape and what to do instead.
What Is Shift-Left Security? A Plain-English Explanation
Shift-left security means moving security checks earlier in development — into the IDE, the commit, and the pull request — so flaws are caught while they're cheap to fix. Here's what it actually means and how to do it without slowing teams down.
.NET Dependency Vulnerability Scanning: A Practical Guide
How to scan .NET dependencies for known vulnerabilities using dotnet list package, NuGet audit, and reachability-aware SCA, and how to wire it into CI so nothing ships with a known critical.
Shift-Left Security FAQ: 2026 Explained
Common questions about shift-left security answered for 2026 — what it means, why earlier is cheaper, how it works in practice, and how to avoid overwhelming developers.
DevSecOps FAQ: Practical Answers for 2026
Straight answers to common DevSecOps questions in 2026 — what it means, how it differs from DevOps, where security fits in CI/CD, and how to avoid slowing developers down.