Safeguard
Tag

cicd

Safeguard articles tagged "cicd" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Cloud Security

Catching Terraform Misconfigurations Before They Ever Reach Apply

Trivy replaced tfsec in 2023 and Checkov ships thousands of policies — here's how to wire open-source Terraform scanners into CI/CD before terraform apply runs.

Jul 16, 20266 min read
Container Security

Docker image vulnerability scanning: best practices for CI/CD

Log4Shell hid in countless container images for years before scanning caught it. Here's how to scan base layers and gate builds before that happens again.

Jul 13, 20267 min read
Concepts

DevSecOps Fundamentals

DevSecOps folds security into the fast, automated flow of modern development instead of bolting it on at the end. This guide explains what DevSecOps really means, how the pipeline works stage by stage, and the practices that make it stick.

Jul 8, 20266 min read
DevSecOps

Zero Trust for CI/CD Pipelines: A Concrete Blueprint

CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.

Mar 24, 20268 min read
DevSecOps

GitLab CI/CD Security Hardening for 2025

A practical hardening playbook for GitLab 17.8 covering runner isolation, OIDC federation, CI variable scoping, and protected branch enforcement.

Feb 20, 20255 min read
DevSecOps

Bitbucket Pipelines Security Guide

Securing Bitbucket Pipelines with secure variables, deployment permissions, and pipeline hardening.

Aug 25, 20234 min read
DevSecOps

GitLab CI/CD Security Configuration

Hardening GitLab CI/CD pipelines with protected variables, secure runners, and built-in security scanning.

Apr 18, 20234 min read
cicd — Safeguard Blog