Safeguard
Tag

pipeline-security

Safeguard articles tagged "pipeline-security" — guides, analysis, and best practices for software supply chain and application security.

29 articles

Regulatory Compliance

TSA pipeline cybersecurity directive and software supply ...

A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.

Dec 21, 20257 min read
DevSecOps

Continuous Integration Security: A Checklist

Continuous integration security means treating your CI pipeline as a production system, because an attacker who compromises your CI runner can ship malicious code as easily as your own engineers.

Jul 30, 20256 min read
DevSecOps

DevOps Security Best Practices: Shifting Left Without Slowing Down

Shift left fails when it means shifting friction left. Here are the DevOps security best practices that catch issues early while keeping pipelines fast enough that engineers leave the gates on.

Jun 24, 20256 min read
Engineering

A Beginner's Guide to Threat Modeling Your Build Pipeline

Your CI system is a production system with worse access controls. A first threat model of the pipeline takes one whiteboard session and usually finds something ugly.

Aug 25, 20247 min read
DevSecOps

Azure DevOps YAML Pipeline Hardening

A practical, line-by-line walk through hardening Azure DevOps YAML pipelines — template injection, task version pinning, approvals, and the defaults that will bite you.

Apr 20, 20247 min read
Offensive Security

Penetration Testing CI/CD Pipelines

Your CI/CD pipeline is a high-value target. Here's how to pen test build systems, artifact repositories, and deployment workflows for supply chain vulnerabilities.

Apr 18, 20246 min read
DevSecOps

Travis CI Security Best Practices

Security hardening for Travis CI pipelines covering secret management, build isolation, and migration considerations for teams still on the platform.

Nov 12, 20236 min read
Software Supply Chain Security

Build System Poisoning Techniques: How Attackers Corrupt Your Pipeline

Build systems transform source code into deployable artifacts. When attackers poison the build, every artifact is compromised. Here is how it happens.

Sep 8, 20234 min read
DevSecOps

Bitbucket Pipelines Security Guide

Securing Bitbucket Pipelines with secure variables, deployment permissions, and pipeline hardening.

Aug 25, 20234 min read
DevSecOps

CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk

Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.

Jul 20, 20235 min read
DevSecOps

CircleCI Security Configuration Guide

Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.

Jul 8, 20235 min read
DevSecOps

Environment Variable Injection in CI/CD Pipelines

Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.

May 8, 20234 min read
pipeline-security (Page 2) — Safeguard Blog