CI/CD Compromise Investigation Steps
A step-by-step investigation playbook for suspected CI/CD pipeline compromise, from runner forensics to secrets rotation.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A practical hardening guide for Tekton Pipelines covering TaskRun isolation, step image provenance, workspace secrets, and the CVE history that shaped the current defaults.
Multi-stage builds reduce image size, but they also introduce security considerations around build secrets, layer caching, and dependency leakage.
Compliance as code transforms audit requirements into automated checks. This guide covers frameworks, tooling, and practical implementation for security teams.
Setting up a secure development environment involves more than installing an IDE. From OS hardening to credential management, here is a comprehensive checklist for security-conscious teams.
Platform engineering teams are becoming the stewards of developer experience. Here's how to make supply chain security a built-in capability, not a bolt-on burden.
Interactive Application Security Testing and Runtime Application Self-Protection both operate at runtime, but they serve different purposes. Here is how they compare and when to use each.
Security automation playbooks codify response procedures into executable workflows. A well-designed playbook library turns supply chain incidents from fire drills into routine operations.
Artifactory is the most common artifact repository in enterprise. It is also a default-permissive system where misconfigurations compound. A concrete hardening guide.