pipeline-security
Safeguard articles tagged "pipeline-security" — guides, analysis, and best practices for software supply chain and application security.
29 articles
DevSecOps and CI/CD pipeline security
CI/CD pipelines are now a prime attack surface. Here's what Checkmarx's SAST-first approach misses, and how Safeguard secures the full pipeline.
Azure DevOps pipeline security best practices
A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.
Building a secure CI/CD pipeline with GitHub Actions
The tj-actions breach exposed secrets in 23,000 repos. Here's how pwn requests, unpinned tags, and self-hosted runners put your CI/CD at risk.
What Is the CI/CD Pipeline (and CI/CD security)?
CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.
Zero Trust for CI/CD Pipelines: A Concrete Blueprint
CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.
State of DevSecOps 2026: What Teams Actually Ship
A senior-engineer review of DevSecOps in 2026: what teams ship in production, which controls moved the needle, and where most programs still stall.
DevSecOps Integration: Wiring Security Into Pipelines You Already Have
You do not need a new pipeline — you need to instrument the one you have. A stage-by-stage map for DevSecOps integration in Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.
CI/CD Audit Pipeline Checklist 2026
An auditor's checklist for CI/CD pipelines in 2026 covering build provenance, secret management, runner isolation, and the evidence to collect for SOC 2 and FedRAMP.
What is CI/CD Pipeline Security
CI/CD pipeline security explained: how SolarWinds, Codecov, CircleCI, and tj-actions were breached, and concrete steps to lock down your build pipeline.
What is CI/CD Pipeline Poisoning
CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.
CI/CD Security Tools, Organized by Pipeline Stage
A stage-by-stage map of CI/CD security tools — from pre-commit hooks to runtime protection — so you know which control belongs where instead of bolting everything onto one gate.
Securing Azure DevOps pipelines against supply chain comp...
Pipelines now hold more privilege than the apps they build. Here's how Azure DevOps pipeline security actually breaks down—and how to close the gaps.