Safeguard
Tag

cicd-security

Safeguard articles tagged "cicd-security" — guides, analysis, and best practices for software supply chain and application security.

22 articles

Industry Analysis

Exploring vulnerabilities in GitHub Actions workflows

From the tj-actions/changed-files hijack to PyTorch's self-hosted runner breach, real incidents show how GitHub Actions workflows keep getting exploited.

May 17, 20266 min read
DevSecOps

What Is the CI/CD Pipeline (and CI/CD security)?

CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.

Apr 9, 20267 min read
DevSecOps

How to set up a CI/CD pipeline security gate

A practical, step-by-step guide to building a CI/CD pipeline security gate that scans, enforces vulnerability thresholds, and blocks risky builds without slowing developers down.

Feb 11, 20268 min read
Cloud Security

Setting up OIDC federation between GitHub Actions and AWS...

A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.

Jan 17, 20267 min read
DevSecOps

Using OCI dynamic groups to authenticate CI/CD pipelines

A practical guide to eliminating static credentials in CI/CD using OCI dynamic groups, matching rules, and OCI DevOps service authentication instead of API keys.

Jan 7, 20268 min read
DevSecOps

Jenkins Stapler Unauthenticated RCE Mass-Exploited for Cr...

CVE-2018-1000861 let attackers hit Jenkins Stapler unauthenticated, planting cryptomining malware on exposed CI/CD build servers across the internet.

Nov 26, 20257 min read
DevSecOps

Jenkins Remote Code Execution via Groovy Metaclass (CVE-2...

CVE-2016-0792 let attackers bypass Jenkins' deserialization blacklist using Groovy's metaclass to achieve unauthenticated remote code execution via the CLI.

Nov 26, 20259 min read
Buyer's Guides

Best software supply chain observability tools

A practical, no-hype buyer's guide to software supply chain observability tools -- evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits.

Nov 4, 20258 min read
Cloud Security

GitHub Actions workflow injection vulnerabilities

How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.

Nov 3, 20257 min read
Cloud Security

Jenkins plugin vulnerability trends report

Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.

Nov 2, 20256 min read
cicd-security (Page 2) — Safeguard Blog