Safeguard
Tag

oidc

Safeguard articles tagged "oidc" — guides, analysis, and best practices for software supply chain and application security.

32 articles

Open Source Security

PyPI Trusted Publishing Common Pitfalls

PyPI trusted publishing removed a whole class of token leaks, but teams keep tripping over the same half-dozen configuration mistakes. Here is what to watch for.

Jan 28, 20267 min read
DevSecOps

Secrets Management in CI Pipelines: 2026 Guide

Rotating tokens, OIDC federation, and scoped runners are table stakes in 2026. Here is how senior engineers design CI secrets that do not leak on bad days.

Jan 16, 20267 min read
Concepts

What is Secretless Authentication in CI/CD

Secretless authentication replaces stored CI credentials with short-lived OIDC tokens minted per job. Here's the trust-policy plumbing, provider support, and the pitfalls.

Sep 16, 20257 min read
Engineering

Securing GitHub Actions Reusable Workflows at Scale

Reusable workflows centralize CI logic — and centralize compromise. Pinning, secrets scoping, org policy, and the review process that keeps one bad merge from owning 400 repos.

Sep 14, 20256 min read
Concepts

What is a Trusted Publisher (PyPI and npm)

A trusted publisher lets your CI workflow publish packages with short-lived OIDC tokens instead of stored API keys. Here's how it works on PyPI and where npm stands.

May 21, 20257 min read
Vulnerability Response

CVE-2025-47884 in Jenkins OpenID Connect Provider: Patch Posture & SBOM Response

Jenkins OIDC Provider plugin token impersonation scored CVSS 9.1. Defender playbook for CI/CD identity infrastructure.

May 16, 20256 min read
Concepts

What Is OpenID Connect (OIDC)

OpenID Connect adds a real identity layer on top of OAuth 2.0. Learn how it proves who a user is, what an ID token contains, and how it differs from plain OAuth.

Sep 10, 20246 min read
Open Source Security

PyPI Trusted Publishing: An Adoption Guide

Trusted Publishing replaces long-lived PyPI tokens with OIDC-issued short-lived credentials. A practical guide to adoption, pitfalls, and what it changes for your threat model.

Aug 30, 20246 min read
oidc (Page 3) — Safeguard Blog