Safeguard
Tag

ci-cd

Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.

153 articles

DevSecOps

Shift-Left Without Friction: Dev Experience 2026

Shift-left only works when developers stop noticing it. A 2026 playbook for moving supply chain checks earlier without burning the people who ship code.

Apr 12, 20268 min read
AppSec

Running DAST, SAST, and SCA in One Pipeline

Running sast dast sca as three separate checkpoints instead of one correlated pipeline is why most security backlogs are full of duplicate, unprioritized noise.

Apr 9, 20266 min read
DevSecOps

IDE-Time Feedback Loop For Supply Chain

The editor is the highest-leverage place to catch supply chain risk. A design guide for building IDE-time feedback that developers actually want.

Apr 8, 20267 min read
DevSecOps

CircleCI Orb Trust and Pinning in 2026

How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.

Apr 8, 20266 min read
DevSecOps

PR-Time Policy Gates Developers Accept

The pull request is the highest-stakes moment in shift-left. A field guide to designing PR policy gates that block bad code without breaking trust.

Apr 4, 20267 min read
DevSecOps

CLI Tool Design For Developer Security Checks

A security CLI lives or dies on the experience of typing it. A design guide for building security tooling that respects the developer's terminal.

Mar 30, 20268 min read
DevSecOps

Jenkins Supply Chain Security Baseline 2026

A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.

Mar 28, 20266 min read
SBOM

SBOM GitHub Action / dropping SBOM tooling into CI workflows

Adding an SBOM GitHub Action like Anchore's is easy; making the output useful isn't. Here's what breaks in real CI pipelines and how to fix it.

Mar 28, 20268 min read
Application Security

Best Secrets Detection Tools: 2026 Buyer's Guide

A field comparison of the best secrets detection tools in 2026 across precision, secret variety, and CI integration for teams hardening their supply chain.

Mar 27, 20265 min read
DevSecOps

Developer Friction Budget For Supply Chain Tools

Every security tool spends developer attention. A framework for budgeting friction across IDE, CLI, and PR-time supply chain checks without going bankrupt.

Mar 25, 20268 min read
SBOM

SBOM Drift Detection Playbook for 2026

A practical playbook for detecting and responding to SBOM drift between source, build, and runtime, with the patterns that separate signal from noise.

Mar 22, 20266 min read
DevSecOps

Shift-Left, Shift-Everywhere: Program Design

Shift-left is necessary but insufficient. A program design that distributes supply chain checks across IDE, CLI, PR, build, and runtime — without redundancy.

Mar 20, 20267 min read
ci-cd (Page 4) — Safeguard Blog