ci-cd
Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.
153 articles
How to Audit Open Source Licenses for Compliance
A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.
Pre-Commit Hooks For Secure Supply Chain Default
Pre-commit hooks are the cheapest place to enforce supply chain hygiene. A practical guide to designing hooks developers leave installed.
CVE-2024-23897 Jenkins CLI File Read Deep Dive
CVE-2024-23897 is a Jenkins CLI arbitrary file-read flaw that leaks secrets and enables RCE chains. Root cause, exploitation, and patch guidance.
Dependency Update Triage Strategy for Eng Teams
An update PR is not a security finding. Here is a triage model that keeps reachability, risk, and engineering effort in the right conversation.
GitOps
What is GitOps? A clear definition of the Git-driven deployment model, how it differs from DevOps, and what its security model protects against.
How to set up SBOM generation in a CI pipeline
Learn how to build an SBOM generation CI pipeline with Syft and GitHub Actions, covering scanning, signing, storage, and verification for supply chain visibility.
Dependabot vs. Renovate: Operational Experience
Both tools open the same kind of PR. The differences that matter at scale show up in configuration, grouping, platform support, and what happens when something breaks.
How to scan container images for vulnerabilities with Trivy
Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.
How to set up DAST scanning in a CI/CD pipeline
A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.
SLSA Level 3 Implementation Blueprint 2026
A practical blueprint for reaching SLSA Level 3 in 2026: hosted builders, provenance generation, verification gates, and the operational habits that hold the line.
Getting Started: Safeguard GitHub Actions Gate
Set up the Safeguard GitHub Action to block risky pull requests on dependency vulnerabilities, license violations, and policy breaches before merge.
Supply Chain Security KPIs for Engineering Leaders
If you cannot measure your supply chain security posture, you cannot invest in it. Here are the KPIs that separate real programs from the theater.