Safeguard
Tag

ci-cd

Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.

153 articles

Best Practices

How to Audit Open Source Licenses for Compliance

A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.

Mar 2, 20268 min read
DevSecOps

Pre-Commit Hooks For Secure Supply Chain Default

Pre-commit hooks are the cheapest place to enforce supply chain hygiene. A practical guide to designing hooks developers leave installed.

Feb 28, 20268 min read
Vulnerability Analysis

CVE-2024-23897 Jenkins CLI File Read Deep Dive

CVE-2024-23897 is a Jenkins CLI arbitrary file-read flaw that leaks secrets and enables RCE chains. Root cause, exploitation, and patch guidance.

Feb 27, 20269 min read
DevSecOps

Dependency Update Triage Strategy for Eng Teams

An update PR is not a security finding. Here is a triage model that keeps reachability, risk, and engineering effort in the right conversation.

Feb 26, 20267 min read
DevSecOps

GitOps

What is GitOps? A clear definition of the Git-driven deployment model, how it differs from DevOps, and what its security model protects against.

Feb 24, 20268 min read
SBOM

How to set up SBOM generation in a CI pipeline

Learn how to build an SBOM generation CI pipeline with Syft and GitHub Actions, covering scanning, signing, storage, and verification for supply chain visibility.

Feb 21, 20268 min read
DevSecOps

Dependabot vs. Renovate: Operational Experience

Both tools open the same kind of PR. The differences that matter at scale show up in configuration, grouping, platform support, and what happens when something breaks.

Feb 20, 20267 min read
Container Security

How to scan container images for vulnerabilities with Trivy

Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.

Feb 19, 20267 min read
DevSecOps

How to set up DAST scanning in a CI/CD pipeline

A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.

Feb 18, 20267 min read
Software Supply Chain Security

SLSA Level 3 Implementation Blueprint 2026

A practical blueprint for reaching SLSA Level 3 in 2026: hosted builders, provenance generation, verification gates, and the operational habits that hold the line.

Feb 15, 20266 min read
Tutorials

Getting Started: Safeguard GitHub Actions Gate

Set up the Safeguard GitHub Action to block risky pull requests on dependency vulnerabilities, license violations, and policy breaches before merge.

Feb 14, 20267 min read
DevSecOps

Supply Chain Security KPIs for Engineering Leaders

If you cannot measure your supply chain security posture, you cannot invest in it. Here are the KPIs that separate real programs from the theater.

Feb 14, 20267 min read
ci-cd (Page 6) — Safeguard Blog