Safeguard
Tag

ci-cd

Safeguard articles tagged "ci-cd" — guides, analysis, and best practices for software supply chain and application security.

153 articles

Dev Practices

Git Branching Strategies With Security Gates

Trunk-based, GitHub Flow, or GitFlow — your branching model decides where security checks can actually block bad code. Here is how to wire gates into each.

Jun 24, 20256 min read
AppSec

DAST Tools for DevSecOps Teams

The best DAST tools for DevSecOps teams run inside CI/CD rather than as a separate pre-launch step, and Gartner's own analysis of the DAST market backs that shift as the defining trend.

Jun 23, 20255 min read
Vulnerability Response

CVE-2025-47884 in Jenkins OpenID Connect Provider: Patch Posture & SBOM Response

Jenkins OIDC Provider plugin token impersonation scored CVSS 9.1. Defender playbook for CI/CD identity infrastructure.

May 16, 20256 min read
Containers

Docker and Container Security Best Practices: A Combined Checklist

A single, practical checklist covering dockers and containers together — image build, runtime config, and CI gates — instead of treating Docker security and container security as separate problems.

Mar 18, 20255 min read
Supply Chain Security

GitHub Actions Supply Chain Attack: The tj-actions/changed-files Compromise

Attackers compromised the popular tj-actions/changed-files GitHub Action, injecting credential-stealing code that affected over 23,000 repositories. A textbook software supply chain attack.

Mar 15, 20256 min read
Containers

Container Image Vulnerability Scanning in CI

How to wire container image vulnerability scanning into your CI pipeline so builds fail on real risk instead of shipping unscanned images to production.

Feb 18, 20256 min read
Industry Analysis

OpenTelemetry for Supply Chain Traces: Instrumenting the Pipeline

How OpenTelemetry turns CI/CD pipelines into a traceable, queryable graph that exposes supply chain risk from source control to production deployment.

Dec 18, 20247 min read
Industry Analysis

DevSecOps Automation Maturity in 2024: Where Teams Actually Stand

Industry surveys and real-world data paint a sobering picture of DevSecOps automation maturity. Most organizations are still in the early stages despite years of investment.

Dec 5, 20247 min read
DevSecOps

Woodpecker CI Security Review

A security review of Woodpecker CI, the community fork of Drone: runner isolation, secret handling, plugin ecosystem, and the trade-offs of running a self-hosted lightweight CI.

Dec 2, 20248 min read
DevSecOps

Go Build Cache Poisoning Risks

The Go build cache makes builds fast and reproducible, but a poisoned cache can reuse malicious compiled output indefinitely while the source looks clean.

Nov 28, 20247 min read
Industry Analysis

Grafana Loki for Build Pipeline Logs: Patterns That Scale

Design a Loki-based log pipeline for CI/CD observability and supply chain forensics. Labels, retention, LogQL patterns, and cost discipline from the field.

Nov 12, 20247 min read
DevSecOps

Concourse CI Supply Chain Hardening

A practical hardening guide for Concourse CI: resource type trust, worker isolation, team-level RBAC, and the var source security that underpins the platform's multi-tenancy model.

Nov 8, 20248 min read
ci-cd (Page 9) — Safeguard Blog