cicd
Safeguard articles tagged "cicd" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Catching Terraform Misconfigurations Before They Ever Reach Apply
Trivy replaced tfsec in 2023 and Checkov ships thousands of policies — here's how to wire open-source Terraform scanners into CI/CD before terraform apply runs.
Docker image vulnerability scanning: best practices for CI/CD
Log4Shell hid in countless container images for years before scanning caught it. Here's how to scan base layers and gate builds before that happens again.
DevSecOps Fundamentals
DevSecOps folds security into the fast, automated flow of modern development instead of bolting it on at the end. This guide explains what DevSecOps really means, how the pipeline works stage by stage, and the practices that make it stick.
Zero Trust for CI/CD Pipelines: A Concrete Blueprint
CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.
GitLab CI/CD Security Hardening for 2025
A practical hardening playbook for GitLab 17.8 covering runner isolation, OIDC federation, CI variable scoping, and protected branch enforcement.
Bitbucket Pipelines Security Guide
Securing Bitbucket Pipelines with secure variables, deployment permissions, and pipeline hardening.
GitLab CI/CD Security Configuration
Hardening GitLab CI/CD pipelines with protected variables, secure runners, and built-in security scanning.