Safeguard
Tag

circleci

Safeguard articles tagged "circleci" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Supply Chain Attacks

Lessons from the CircleCI 2023 secrets breach

A stolen session cookie bypassed 2FA and let attackers read secrets from live memory. CircleCI's own timeline shows what fast rotation actually requires.

Jul 15, 20267 min read
DevSecOps

CircleCI Security Best Practices After the 2023 Breach

The January 2023 CircleCI incident forced every customer to rotate every secret. Here is what it taught us — plus hardened config.yml examples for orb pinning, restricted contexts, OIDC, and adding scanning.

Jul 4, 20266 min read
DevSecOps

CircleCI Orb Trust and Pinning in 2026

How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.

Apr 8, 20266 min read
DevSecOps

CircleCI Security Configuration Guide

Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.

Jul 8, 20235 min read
Incident Analysis

CircleCI Credential Rotation: The Mass-Reset Event

CircleCI told every customer to rotate every secret on January 4, 2023. Here is what actually happened and why the scope was total.

Jan 10, 20237 min read
Supply Chain Attacks

CircleCI Security Incident January 2023: What Happened and What We Learned

CircleCI's January 2023 breach exposed secrets for thousands of organizations. Here's how the attack unfolded and what it means for CI/CD security.

Jan 5, 20236 min read
Incident Response

Dropbox Breach: Phishing Attack Exposes 130 Private GitHub Repositories

Attackers phished Dropbox employees by impersonating CircleCI, gaining access to 130 private GitHub repos containing internal code and credentials.

Nov 2, 20226 min read
circleci — Safeguard Blog