circleci
Safeguard articles tagged "circleci" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Lessons from the CircleCI 2023 secrets breach
A stolen session cookie bypassed 2FA and let attackers read secrets from live memory. CircleCI's own timeline shows what fast rotation actually requires.
CircleCI Security Best Practices After the 2023 Breach
The January 2023 CircleCI incident forced every customer to rotate every secret. Here is what it taught us — plus hardened config.yml examples for orb pinning, restricted contexts, OIDC, and adding scanning.
CircleCI Orb Trust and Pinning in 2026
How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.
CircleCI Security Configuration Guide
Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.
CircleCI Credential Rotation: The Mass-Reset Event
CircleCI told every customer to rotate every secret on January 4, 2023. Here is what actually happened and why the scope was total.
CircleCI Security Incident January 2023: What Happened and What We Learned
CircleCI's January 2023 breach exposed secrets for thousands of organizations. Here's how the attack unfolded and what it means for CI/CD security.
Dropbox Breach: Phishing Attack Exposes 130 Private GitHub Repositories
Attackers phished Dropbox employees by impersonating CircleCI, gaining access to 130 private GitHub repos containing internal code and credentials.