Safeguard
Tag

Pipelines

Safeguard articles tagged "Pipelines" — guides, analysis, and best practices for software supply chain and application security.

7 articles

DevSecOps

Woodpecker CI Security Review

A security review of Woodpecker CI, the community fork of Drone: runner isolation, secret handling, plugin ecosystem, and the trade-offs of running a self-hosted lightweight CI.

Dec 2, 20248 min read
DevSecOps

Concourse CI Supply Chain Hardening

A practical hardening guide for Concourse CI: resource type trust, worker isolation, team-level RBAC, and the var source security that underpins the platform's multi-tenancy model.

Nov 8, 20248 min read
DevSecOps

Buildkite Supply Chain Hardening

A practical hardening guide for Buildkite: agent isolation, pipeline upload security, plugin risks, and the agent-token rotation strategy that keeps the trust model intact.

Oct 25, 20248 min read
DevSecOps

Dagger.io Supply Chain Pipelines

Dagger programmatic pipelines offer genuine supply chain benefits when used well. Here are the patterns and pitfalls from running Dagger in production.

Sep 18, 20246 min read
DevSecOps

Drone CI Security Considerations

A security-focused look at Drone CI: runner isolation, secret handling, plugin risks, and the differences between Drone OSS, Enterprise, and the Harness transition.

Jul 15, 20248 min read
DevSecOps

Jenkins Pipeline Supply Chain Security

How Jenkins pipelines end up as supply chain attack vectors, covering Groovy sandbox risks, plugin CVEs, credential binding, and practical hardening for Jenkins 2.440+.

Apr 2, 20247 min read
DevSecOps

Tekton Pipelines Hardening Guide

A practical hardening guide for Tekton Pipelines covering TaskRun isolation, step image provenance, workspace secrets, and the CVE history that shaped the current defaults.

Mar 8, 20247 min read
Pipelines — Safeguard Blog