Safeguard
Tag

pipeline-security

Safeguard articles tagged "pipeline-security" — guides, analysis, and best practices for software supply chain and application security.

29 articles

DevSecOps

DevSecOps and CI/CD pipeline security

CI/CD pipelines are now a prime attack surface. Here's what Checkmarx's SAST-first approach misses, and how Safeguard secures the full pipeline.

Jun 24, 20267 min read
DevSecOps

Azure DevOps pipeline security best practices

A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.

Jun 16, 20267 min read
DevSecOps

Building a secure CI/CD pipeline with GitHub Actions

The tj-actions breach exposed secrets in 23,000 repos. Here's how pwn requests, unpinned tags, and self-hosted runners put your CI/CD at risk.

May 18, 20267 min read
DevSecOps

What Is the CI/CD Pipeline (and CI/CD security)?

CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.

Apr 9, 20267 min read
DevSecOps

Zero Trust for CI/CD Pipelines: A Concrete Blueprint

CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.

Mar 24, 20268 min read
Industry Analysis

State of DevSecOps 2026: What Teams Actually Ship

A senior-engineer review of DevSecOps in 2026: what teams ship in production, which controls moved the needle, and where most programs still stall.

Mar 22, 20269 min read
DevSecOps

DevSecOps Integration: Wiring Security Into Pipelines You Already Have

You do not need a new pipeline — you need to instrument the one you have. A stage-by-stage map for DevSecOps integration in Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.

Mar 19, 20266 min read
Compliance

CI/CD Audit Pipeline Checklist 2026

An auditor's checklist for CI/CD pipelines in 2026 covering build provenance, secret management, runner isolation, and the evidence to collect for SOC 2 and FedRAMP.

Mar 14, 20265 min read
DevSecOps

What is CI/CD Pipeline Security

CI/CD pipeline security explained: how SolarWinds, Codecov, CircleCI, and tj-actions were breached, and concrete steps to lock down your build pipeline.

Mar 8, 20266 min read
DevSecOps

What is CI/CD Pipeline Poisoning

CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.

Mar 7, 20267 min read
DevSecOps

CI/CD Security Tools, Organized by Pipeline Stage

A stage-by-stage map of CI/CD security tools — from pre-commit hooks to runtime protection — so you know which control belongs where instead of bolting everything onto one gate.

Feb 18, 20266 min read
DevSecOps

Securing Azure DevOps pipelines against supply chain comp...

Pipelines now hold more privilege than the apps they build. Here's how Azure DevOps pipeline security actually breaks down—and how to close the gaps.

Jan 16, 20267 min read
pipeline-security — Safeguard Blog