ci-cd
Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.
153 articles
Shift-Left Without Friction: Dev Experience 2026
Shift-left only works when developers stop noticing it. A 2026 playbook for moving supply chain checks earlier without burning the people who ship code.
Running DAST, SAST, and SCA in One Pipeline
Running sast dast sca as three separate checkpoints instead of one correlated pipeline is why most security backlogs are full of duplicate, unprioritized noise.
IDE-Time Feedback Loop For Supply Chain
The editor is the highest-leverage place to catch supply chain risk. A design guide for building IDE-time feedback that developers actually want.
CircleCI Orb Trust and Pinning in 2026
How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.
PR-Time Policy Gates Developers Accept
The pull request is the highest-stakes moment in shift-left. A field guide to designing PR policy gates that block bad code without breaking trust.
CLI Tool Design For Developer Security Checks
A security CLI lives or dies on the experience of typing it. A design guide for building security tooling that respects the developer's terminal.
Jenkins Supply Chain Security Baseline 2026
A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.
SBOM GitHub Action / dropping SBOM tooling into CI workflows
Adding an SBOM GitHub Action like Anchore's is easy; making the output useful isn't. Here's what breaks in real CI pipelines and how to fix it.
Best Secrets Detection Tools: 2026 Buyer's Guide
A field comparison of the best secrets detection tools in 2026 across precision, secret variety, and CI integration for teams hardening their supply chain.
Developer Friction Budget For Supply Chain Tools
Every security tool spends developer attention. A framework for budgeting friction across IDE, CLI, and PR-time supply chain checks without going bankrupt.
SBOM Drift Detection Playbook for 2026
A practical playbook for detecting and responding to SBOM drift between source, build, and runtime, with the patterns that separate signal from noise.
Shift-Left, Shift-Everywhere: Program Design
Shift-left is necessary but insufficient. A program design that distributes supply chain checks across IDE, CLI, PR, build, and runtime — without redundancy.