pipeline-security
Safeguard articles tagged "pipeline-security" — guides, analysis, and best practices for software supply chain and application security.
29 articles
TSA pipeline cybersecurity directive and software supply ...
A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.
Continuous Integration Security: A Checklist
Continuous integration security means treating your CI pipeline as a production system, because an attacker who compromises your CI runner can ship malicious code as easily as your own engineers.
DevOps Security Best Practices: Shifting Left Without Slowing Down
Shift left fails when it means shifting friction left. Here are the DevOps security best practices that catch issues early while keeping pipelines fast enough that engineers leave the gates on.
A Beginner's Guide to Threat Modeling Your Build Pipeline
Your CI system is a production system with worse access controls. A first threat model of the pipeline takes one whiteboard session and usually finds something ugly.
Azure DevOps YAML Pipeline Hardening
A practical, line-by-line walk through hardening Azure DevOps YAML pipelines — template injection, task version pinning, approvals, and the defaults that will bite you.
Penetration Testing CI/CD Pipelines
Your CI/CD pipeline is a high-value target. Here's how to pen test build systems, artifact repositories, and deployment workflows for supply chain vulnerabilities.
Travis CI Security Best Practices
Security hardening for Travis CI pipelines covering secret management, build isolation, and migration considerations for teams still on the platform.
Build System Poisoning Techniques: How Attackers Corrupt Your Pipeline
Build systems transform source code into deployable artifacts. When attackers poison the build, every artifact is compromised. Here is how it happens.
Bitbucket Pipelines Security Guide
Securing Bitbucket Pipelines with secure variables, deployment permissions, and pipeline hardening.
CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk
Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.
CircleCI Security Configuration Guide
Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.
Environment Variable Injection in CI/CD Pipelines
Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.