CI/CD & Supply Chain Security Articles

CI/CD security guides covering GitHub Actions, Terraform, secret management, SBOM, SLSA provenance, container registries, and Helm charts.

CI/CD Pipeline and Supply Chain Hardening

Intermediate 14 min read

Fork PR Secret Isolation: Preventing CI Secret Exfiltration via Pull Requests

Pull requests from forked repositories run CI in a context that, if misconfigured, can access production secrets — AWS keys, container registry credentials, deployment tokens. Comprehensive fork PR isolation requires a combination of GitHub Actions configuration, secret scoping, and pipeline design that avoids the pull_request_target pitfall and its variants.

Intermediate 13 min read

Tuning CI Vulnerability Scanner Gates for High CVE Volume

LLM-assisted CVE research is flooding NVD with new entries faster than engineering teams can review them. Naively failing CI on every new CVE causes alert fatigue and broken pipelines. EPSS-based thresholds, CISA KEV enforcement, and suppression-policy automation let teams maintain signal while preventing pipeline gridlock.

Advanced 16 min read

GCP Cloud Build: SLSA Provenance, Artifact Registry Signing, and Binary Authorization

GCP Cloud Build generates SLSA Level 3 provenance natively. Combined with Artifact Registry signing and Binary Authorization deployment policies, the GCP-native toolchain enforces that only verifiably built container images reach production. This guide covers end-to-end setup for all three layers.

Intermediate 13 min read

GitHub Actions pull_request_target Injection: The Secrets-Leaking Trigger

The pull_request_target trigger runs workflows in the context of the target repository, with access to repository secrets and a GITHUB_TOKEN that may carry write permission. That is safe only while the workflow runs the base branch's own code; the moment it checks out and executes the pull request head (a build, a test run, a lint step), untrusted contributor code runs with those secrets. Dozens of supply chain incidents in 2024-2025 exploited this pattern to steal tokens and compromise downstream deployments.

Intermediate 13 min read

Managing CVE Remediation Pipelines at Scale

When dependency CVE counts surge into the hundreds per week, manual triage collapses; auto-merge policies for patch-level updates, EPSS-weighted PR queues, scanner false-positive suppression, and SLA-driven escalation keep the remediation pipeline moving without overwhelming the team.
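The two entries above describe the same gate from different angles: fail only on what matters, keep the rest as signal. The script below is an added example, not code from either article. Its EPSS threshold, the rule that a CISA KEV entry can never be suppressed, the requirement that suppressions expire, and every finding and CVE identifier in it are constructed for illustration; in a real pipeline the findings come from the scanner's JSON output, EPSS scores from FIRST's API and KEV membership from CISA's catalogue.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Finding:
    cve: str
    severity: str        # scanner severity: LOW / MEDIUM / HIGH / CRITICAL
    epss: float          # EPSS probability of exploitation within 30 days (0..1)
    in_kev: bool         # listed in CISA Known Exploited Vulnerabilities
    fix_available: bool


@dataclass
class Suppression:
    cve: str
    reason: str          # e.g. a VEX not_affected justification
    expires: date        # suppressions must expire so they get re-reviewed


EPSS_BLOCK = 0.10  # assumed policy: block at >= 10 % exploitation probability


def evaluate(findings, suppressions, today):
    """Return (blocking, warnings, expired_suppressions).

    Precedence: KEV always blocks and cannot be suppressed; an active
    suppression downgrades to a warning; otherwise EPSS, then CRITICAL with a
    fix available, block; everything else is a warning (logged, not failing).
    """
    active = {s.cve: s for s in suppressions if s.expires >= today}
    expired = sorted(s.cve for s in suppressions if s.expires < today)
    blocking, warnings = [], []
    for f in findings:
        if f.in_kev:
            blocking.append((f.cve, "kev"))
        elif f.cve in active:
            warnings.append((f.cve, "suppressed: " + active[f.cve].reason))
        elif f.epss >= EPSS_BLOCK:
            blocking.append((f.cve, f"epss={f.epss:.2f}"))
        elif f.severity == "CRITICAL" and f.fix_available:
            blocking.append((f.cve, "critical-with-fix"))
        else:
            warnings.append((f.cve, "below-threshold"))
    return blocking, warnings, expired


# Constructed scanner output; the CVE ids are placeholders, not real entries
FINDINGS = [
    Finding("CVE-0000-0001", "HIGH", 0.02, False, True),
    Finding("CVE-0000-0002", "CRITICAL", 0.05, False, True),
    Finding("CVE-0000-0003", "MEDIUM", 0.45, False, False),
    Finding("CVE-0000-0004", "HIGH", 0.01, True, True),
    Finding("CVE-0000-0005", "CRITICAL", 0.01, False, True),
    Finding("CVE-0000-0006", "HIGH", 0.50, False, True),
]
SUPPRESSIONS = [
    Suppression("CVE-0000-0005", "vulnerable function not reachable (VEX not_affected)", date(2026, 3, 1)),
    Suppression("CVE-0000-0006", "awaiting upstream fix", date(2025, 12, 1)),
]
TODAY = date(2026, 1, 15)  # constructed build date


def gate(findings=FINDINGS, suppressions=SUPPRESSIONS, today=TODAY) -> int:
    """CI entry point: print the verdict and return the process exit code."""
    blocking, warnings, expired = evaluate(findings, suppressions, today)
    for cve, why in blocking:
        print(f"BLOCK {cve}: {why}")
    for cve, why in warnings:
        print(f"WARN  {cve}: {why}")
    for cve in expired:
        print(f"WARN  suppression for {cve} expired; re-triage")
    return 1 if blocking else 0


if __name__ == "__main__":
    raise SystemExit(gate())
```

The ordering of the rules is the policy: a KEV hit is blocked even when someone has filed a suppression for it, and an expired suppression silently stops applying, so the finding it covered (CVE-0000-0006 here) comes back as a block rather than lingering as an invisible exception.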

Intermediate 14 min read

NGINX Configuration Security Scanning in CI

gixy, nginx -t, and Conftest OPA policies in CI catch NGINX misconfigurations — open proxy, SSRF paths, annotation injection surfaces, and module CVE exposure — before they reach production; build a gate that blocks deployment when configuration is dangerous.

Intermediate 13 min read

Securing GitHub Copilot Workspace Autonomous PR Generation

GitHub Copilot Workspace generates, implements, and opens pull requests autonomously; scope its permissions to the minimum required, review its output for secrets and vulnerabilities before merge, and prevent it from bypassing required review gates.

Intermediate 13 min read

Gating AI-Generated Security Fixes Before Merge

AI-generated automatic security fixes — GitHub Copilot Autofix, CodeQL AI, Snyk DeepCode — may be incomplete, introduce new vulnerabilities, or fail to address the root cause; require validation steps before autofix PRs reach production branches.

Intermediate 13 min read

GitHub Actions Environment Protection Rules and Secret Scoping

GitHub environment protection rules gate deployments behind required reviewers, branch constraints, and custom approval checks; scope secrets to environments rather than repositories to contain the blast radius of a compromised workflow or runner.

Intermediate 13 min read

Security Validation for AI-Generated CI/CD Pipeline Configurations

AI assistants generating GitHub Actions, GitLab CI, and Jenkins pipeline YAML introduce predictable misconfigurations — over-broad permissions, missing secret masking, and unconstrained runner access; validate AI-generated pipeline code with automated policy checks before merge.

Intermediate 14 min read

Hardening Gitea and Forgejo Self-Hosted Git Instances

Gitea and Forgejo have had multiple authentication bypass, RCE, and SSRF CVEs in 2024–2025; harden the instance configuration, webhook validation, runner isolation, and network exposure to reduce the attack surface of self-hosted Git infrastructure.

Intermediate 11 min read

Azure DevOps API Exposure Hardening: Securing Against Unauthenticated Information Disclosure

CVE-2026-42826 (CVSS 10.0) demonstrated that Azure DevOps can expose sensitive pipeline configuration, credentials, and build artefacts to unauthenticated requests under certain conditions. This article covers hardening Azure DevOps against unauthenticated API access: disabling public project visibility, scoping Personal Access Tokens, locking down service connections, enforcing conditional access, and detecting anomalous API access patterns.

Intermediate 13 min read

Enforcing GitHub Artifact Attestations for SLSA Build Provenance

GitHub Artifact Attestations link build artifacts to their source with cryptographic SLSA provenance; configure attestation generation in Actions, enforce verification at deploy time, and integrate with admission control to prevent unsigned images from reaching production.

Advanced 13 min read

GitHub Actions Runner Controller Security: Ephemeral Runners and Pod Isolation in Kubernetes

Actions Runner Controller (ARC) scales GitHub Actions self-hosted runners as Kubernetes pods. Each runner pod executes arbitrary CI code from the repository's workflow files. Without ephemeral runners, pod security standards, and network isolation, one malicious workflow can compromise the Kubernetes node running the runner. This article implements a hardened ARC deployment with ephemeral pods, minimal RBAC, and network controls.

Intermediate 13 min read

API Key Lifecycle in CI/CD: Rotation, Scoping, and Detecting Long-Lived Credential Sprawl

API keys committed to repositories, hardcoded in Dockerfiles, stored in CI environment variables, and passed between pipelines accumulate silently over years. A 3-year-old Stripe API key in a Docker layer cache is as dangerous as a freshly generated one. This article covers auditing existing API key exposure, enforcing rotation SLAs via CI, scoping keys to minimum permissions, and detecting anomalous usage before keys are reported compromised.

Intermediate 11 min read

Artifact Copy Integrity: Closing the Substitution Window in Multi-Stage Build Pipelines

Build pipelines that copy or move artifacts between stages, registries, or environments without re-verifying digests create a substitution window: an attacker with write access to the intermediate store can swap the artifact between the build stage and the deploy stage. This article covers content-addressed storage enforcement, per-stage cosign verify-blob, digest pinning in promotion pipelines, and detecting tampering with SLSA provenance.

Intermediate 12 min read

Artifact Registry Security: Hardening Harbor, ECR, and GCR Against Supply Chain Attacks

The container registry is the last checkpoint before an image enters production — making it a high-value target for supply chain attackers. This article covers Harbor security hardening (RBAC, Trivy scanning on push, replication security), AWS ECR security best practices (repository policies, image scanning, lifecycle rules), GCR/Artifact Registry access control, and cross-registry promotion pipelines that maintain provenance.

Intermediate 11 min read

ContainerSSH for CI/CD Pipeline Debugging: Ephemeral, Audited Shell Access to Build Environments

Debugging a failed CI/CD pipeline often requires shell access to the build environment — but granting developers persistent SSH access to build infrastructure is a supply chain risk. ContainerSSH provides a middle path: time-limited, fully-audited SSH sessions that launch containers matching the exact failed build environment, with automatic session expiry and a complete audit trail of every command run.

Intermediate 12 min read

Copa in CI/CD: Automated Container Patch Pipelines with Trivy, cosign, and GitHub Actions

Integrating Copa (Copacetic) into CI/CD pipelines automates the scan-patch-verify-sign loop for container images: Trivy scans the image, Copa applies OS package patches via BuildKit, Trivy re-scans to confirm CVE elimination, and cosign signs the patched digest. This article covers the full pipeline implementation in GitHub Actions and Tekton, patch failure handling, and integrating Copa into promotion gates.

Intermediate 11 min read

GitHub Actions Supply Chain Hardening: Pinning, Permissions, and OIDC Token Security

GitHub Actions workflows that reference actions by mutable refs such as @main or @v1, or that grant the GITHUB_TOKEN broad write permissions, are one compromised action maintainer account away from a supply chain incident. This article covers pinning actions to commit SHAs, the GITHUB_TOKEN minimum permissions model, OIDC token scope reduction, detecting secrets exfiltration in action logs, Dependabot for action updates, and StepSecurity Harden-Runner for runtime monitoring of what actions actually do.

Intermediate 11 min read

Golden Path Security: Building Security In from Day Zero with Paved Road Templates

A golden path (paved road) is the opinionated set of tools and patterns a platform team provides for developers to build, test, and deploy services. When security is baked into the golden path — secure base images, mandatory SBOM generation, pre-configured SAST, network policies on by default — developers get security for free. This article covers designing secure golden paths for Kubernetes services, enforcement via admission control, and measuring adoption.

Advanced 14 min read

From Leaked kubeconfig to Full Cluster Takeover: The CI/CD Attack Chain

A kubeconfig stored in a CI artifact, printed to workflow logs, or committed to a dotfiles repo gives an attacker the exact same Kubernetes API access as the pipeline service account. CI/CD pipeline service accounts are routinely granted cluster-admin or namespace-admin to enable deployments. This article traces the complete attack chain from kubeconfig discovery to cluster-wide compromise, and the controls that stop each step.

Advanced 12 min read

OSS-Fuzz and ClusterFuzzLite: Continuous Fuzzing as a Supply Chain Security Control

Fuzzing at commit time catches memory corruption, logic errors, and input validation bugs before they ship — the same bugs that supply chain attackers target in widely-used libraries. This article covers integrating ClusterFuzzLite into GitHub Actions, writing libFuzzer harnesses in C and Go, using OSS-Fuzz for open-source projects, and triaging fuzzer-found crashes with AddressSanitizer output.

Intermediate 12 min read

SBOM Generation and Consumption: CycloneDX, SPDX, and Vulnerability Correlation

A Software Bill of Materials (SBOM) is only useful if it is accurate, complete, and correlated against vulnerability databases. This article covers generating SBOMs with Syft, Trivy, and cdxgen across container images, source trees, and build outputs; consuming SBOMs with Grype and OWASP Dependency-Track; and integrating SBOM workflows into CI/CD pipelines with policy gates.

Beginner 10 min read

Shift-Left Security Tooling: IDE Plugins, Pre-Commit Hooks, and PR Security Gates

Shift-left security moves vulnerability detection to the developer's workstation and the PR review stage, where fixes are 100x cheaper than production remediation. This article covers IDE security plugins (Semgrep, Snyk in VS Code), pre-commit frameworks for secrets and SAST, configuring security-aware PR checks in GitHub Actions, and measuring developer security feedback loop latency.

Advanced 13 min read

SLSA Attestation Verification at Admission: Enforcing Build Provenance in Kubernetes

SLSA provenance attestations are only enforceable if Kubernetes admission control verifies them before workloads run. This article covers attaching SLSA provenance as OCI attestations with cosign attest, verifying attestations in Kyverno with JMESPath predicates, using the SLSA verifier as an external webhook, and building a policy that requires SLSA level 3 provenance for production namespaces.

Intermediate 12 min read

SLSA Build Provenance: Verifying Supply Chain Integrity from Source to Deployment

SLSA (Supply-chain Levels for Software Artifacts) provides a graduated framework for proving that build artifacts were produced from expected source code via expected build processes. This article covers the SLSA levels (1-4 in the v0.1 specification, Build L0-L3 in v1.0), in-toto attestations, SLSA provenance generation with GitHub Actions and Google Cloud Build, and verifying provenance at deployment time using policy engines.

Intermediate 13 min read

SOPS and Age: Encrypting Secrets in Git Without a Secrets Server

SOPS (Secrets OPerationS) encrypts secret files using age keys, AWS KMS, Azure Key Vault, or GCP KMS — leaving the file structure visible but values encrypted. The result is a committable, diff-able, auditable encrypted secret that lives in git alongside the manifests that use it. This article implements SOPS with age for a Kubernetes GitOps workflow, covering key rotation, CI/CD integration without stored decryption keys, and detecting accidental plaintext commits.
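The last item in the entry above, detecting accidental plaintext commits, is the one that belongs in CI rather than in SOPS itself. The check below is an added example, not code from the article or from the SOPS project. It walks the text of a committed Kubernetes Secret manifest line by line (no YAML library, so it ignores list items and block-scalar bodies), flags any value under data or stringData that is not a SOPS ciphertext, and flags a file with no sops metadata block at all. The assumption that only data and stringData must be encrypted mirrors a .sops.yaml encrypted_regex of ^(data|stringData)$; the three manifests are constructed samples with fake ciphertext.

```python
import re

# A SOPS-encrypted scalar: ENC[AES256_GCM,data:<b64>,iv:<b64>,tag:<b64>,type:<t>]
ENC = re.compile(r"^ENC\[AES256_GCM,data:[^,\]]+,iv:[^,\]]+,tag:[^,\]]+,type:(?:str|int|float|bool)\]$")
# A plain "key: value" line; the key cannot contain ':' so the split is unambiguous
KV = re.compile(r"^(\s*)([^\s#:][^:]*):\s*(.*?)\s*$")


def check_sops_file(text: str, encrypted_top_keys=("data", "stringData")):
    """Return (line_no, key) for every value under an encrypted top-level key
    that is not SOPS ciphertext, plus (0, ...) when the sops metadata block is
    missing. Keys outside encrypted_top_keys (apiVersion, kind, metadata) are
    expected to be plaintext, matching an encrypted_regex of ^(data|stringData)$.
    """
    problems, top = [], None
    lines = text.splitlines()
    for n, raw in enumerate(lines, 1):
        m = KV.match(raw.split(" #", 1)[0].rstrip())
        if not m:
            continue  # list items, block-scalar bodies and blank lines are not checked
        indent, key, value = m.groups()
        if indent == "":
            top = key  # entered a new top-level mapping key
        elif top in encrypted_top_keys and value not in ("", "|", ">"):
            if not ENC.match(value.strip("\"'")):
                problems.append((n, key.strip()))
    if not any(re.match(r"^sops:\s*$", line) for line in lines):
        problems.append((0, "sops metadata block missing"))
    return problems


# Constructed manifests: the ENC[...] payloads and age recipient are fake values
PARTIAL = """\
apiVersion: v1
kind: Secret
metadata:
    name: db-creds
stringData:
    username: ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]
    password: hunter2
sops:
    age:
        - recipient: age1constructedrecipientkey
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            Y29uc3RydWN0ZWQ=
            -----END AGE ENCRYPTED FILE-----
    mac: ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]
    version: 3.9.0
"""
CLEAN = PARTIAL.replace("password: hunter2",
                        "password: ENC[AES256_GCM,data:YmFy,iv:aXY=,tag:dGFn,type:str]")
PLAINTEXT = """\
apiVersion: v1
kind: Secret
metadata:
    name: db-creds
stringData:
    password: hunter2
"""

if __name__ == "__main__":
    for name, doc in [("clean", CLEAN), ("partial", PARTIAL), ("plaintext", PLAINTEXT)]:
        print(name, check_sops_file(doc))
```

Run it as a pre-commit hook or CI step over every file that .sops.yaml says should be encrypted; a non-empty result means someone edited the decrypted file and committed it without re-running sops. The mac line under sops is what lets sops itself detect tampering, which is why the check only requires the block to be present rather than re-validating it.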

Intermediate 12 min read

Terraform Security Guardrails: Preventing Cloud Misconfigurations at the Infrastructure Layer

Terraform code that provisions cloud infrastructure with open security groups, public S3 buckets, or overly permissive IAM policies creates immediate risk. This article covers Terraform security scanning with Checkov and Trivy, pre-commit hooks for IaC, Conftest/OPA policy gates in CI, Sentinel policies in Terraform Cloud/Enterprise, and Atlantis security hardening for self-hosted plan/apply workflows.

Advanced 13 min read

AI-Authored Malicious PRs: How LLMs Write Backdoors That Pass Code Review

In 2026, AI tools can generate syntactically correct, contextually plausible code that contains subtle backdoors invisible to both human reviewers and static analysis tools. Simultaneously, AI reviewer bots can be manipulated into approving malicious PRs. The PR review pipeline needs controls that don't assume either human or AI reviewers are reliable.

Intermediate 13 min read

AI-Generated Code and Open Source License Compliance: The Copilot Copyright Problem

GitHub Copilot, Cursor, and Claude Code generate code trained on GPL, LGPL, and AGPL repositories. The legal risk of shipping AI-generated code in commercial products is unresolved. Separately, AI-generated code creates SBOM gaps: when an LLM inlines functionality previously provided by a declared dependency, the result has no provenance, no licence, and no CVE feed. This article covers how to audit AI-generated contributions and what controls reduce legal and supply-chain risk.

Advanced 14 min read

CI/CD Cache Poisoning Defence Across Actions, Bazel, Nx, and Turbo

Hardening shared CI build caches against poisoning: scope keys, signed cache entries, branch-isolated namespaces, and detection for replay and tampering.

Intermediate 13 min read

Docker-in-Docker and the Shared Kernel Double Bind: Why --privileged in CI Is Host Root

CI pipelines that build container images inside containers usually take one of two approaches: mount the host Docker socket (/var/run/docker.sock) or run Docker with --privileged. Both give root-equivalent control of the Kubernetes node running the build job. Kaniko, Buildah, and rootless BuildKit build images without either: Kaniko executes Dockerfile steps in userspace inside an unprivileged container, while Buildah and rootless BuildKit rely on the shared Linux kernel's user namespace support.

Intermediate 14 min read

GitHub Actions Reusable Workflow Pinning and Drift Audit: Closing the Post-tj-actions Gap

Reusable workflows pulled by `uses: org/repo/.github/workflows/x.yml@ref` are a supply-chain blind spot that the 2025 tj-actions and reviewdog incidents exploited. This is how to enforce SHA pinning, audit drift across an entire org, and detect tampering before CI runs attacker-controlled code.
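The pull_request_target entry, the pinning-and-permissions entry and the reusable-workflow entry above describe three checks that can run as one pre-merge lint over every workflow file. The script below is an added example, not code from any of those articles. It is deliberately line-based (regular expressions, no YAML parser), which is enough for .github/workflows files but is a linter, not a policy engine; the two workflows it scans are constructed samples, and the 40-hex SHAs in the hardened one are placeholders rather than real commits.

```python
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
# Expressions that resolve to the PR head: dangerous under pull_request_target
PR_HEAD = re.compile(r"github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)")


def audit_workflow(text: str):
    """Return (rule, line_no, detail) findings for one workflow file's text.

    Rules: no top-level permissions block (GITHUB_TOKEN keeps the repository
    default), pull_request_target combined with a checkout of the PR head, and
    any action or reusable workflow not pinned to a full commit SHA.
    """
    code = [line.split("#", 1)[0] for line in text.splitlines()]  # drop comments
    findings = []
    if not any(re.match(r"^permissions\s*:", line) for line in code):
        findings.append(("no-top-level-permissions", 0, "GITHUB_TOKEN uses repository default permissions"))
    uses_pr_target = any("pull_request_target" in line for line in code)
    for n, line in enumerate(code, 1):
        if uses_pr_target and PR_HEAD.search(line):
            findings.append(("pr-target-checks-out-pr-head", n, line.strip()))
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):  # local actions and images are out of scope
            continue
        _, _, version = ref.rpartition("@")
        if not SHA40.match(version):
            kind = "reusable-workflow" if "/.github/workflows/" in ref else "action"
            findings.append((f"unpinned-{kind}", n, ref))
    return findings


# Constructed workflow: the pattern the articles warn about
VULNERABLE = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
  publish:
    uses: org/release-tools/.github/workflows/publish.yml@main
    secrets: inherit
"""

# Constructed hardened form: pull_request trigger, read-only token, SHA-pinned refs
HARDENED = """\
name: pr-check
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2 # v4, placeholder SHA
      - run: npm ci && npm test
  publish:
    uses: org/release-tools/.github/workflows/publish.yml@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2 # placeholder SHA
    secrets: inherit
"""

if __name__ == "__main__":
    for name, doc in [("vulnerable", VULNERABLE), ("hardened", HARDENED)]:
        print(name)
        for rule, line_no, detail in audit_workflow(doc):
            print(f"  line {line_no:>2}: {rule}: {detail}")
```

For an org-wide drift audit, run the same function over every workflow file returned by the GitHub API or a fleet clone and diff the findings against the last run: a new unpinned ref, or a pinned SHA that changed without a matching Dependabot PR, is the drift the reusable-workflow entry is about.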

Intermediate 13 min read

GitHub Advanced Security at Enterprise Scale: Push Protection, Code Scanning Policies, and Autofix

GitHub Advanced Security (GHAS) includes secret scanning with push protection, CodeQL code scanning, dependency review, and Copilot Autofix — but default configuration leaves most of its security value on the table. This guide covers enterprise-wide GHAS enablement, push protection bypass governance, organisation-level code scanning policies, custom secret patterns, and measuring AppSec programme effectiveness with GHAS security overview.

Advanced 13 min read

MCP Servers as a Supply Chain Attack Surface: Malicious Tool Registrations and Integrity Verification

The MCP ecosystem is growing rapidly with hundreds of community-built servers on npm, PyPI, and GitHub. A compromised MCP server package — analogous to the tj-actions/changed-files attack — silently intercepts tool calls, exfiltrates parameters (which may contain credentials, personal data, or internal system details), and returns manipulated results. SHA-pinning MCP server definitions and verifying server integrity before use close the most accessible attack vectors.

Intermediate 13 min read

Open Source CI/CD Security Disclosure: Reporting Vulnerabilities in Actions, Jenkins Plugins, and ArgoCD

GitHub Actions marketplace actions, Jenkins plugins, and GitOps tools like ArgoCD are high-impact supply chain targets — a compromised action runs with access to your build secrets and source code. This guide covers how to report vulnerabilities in CI/CD tools, what the disclosure processes look like for each ecosystem, and how pipeline maintainers should respond when a vulnerability drops in a tool they depend on.

Advanced 13 min read

Post-Quantum Artifact Signing in CI/CD: Migrating cosign and Sigstore to ML-DSA

Software supply chain signatures using ECDSA-P256 or RSA are exposed to quantum 'harvest-now-verify-later' attacks: once a cryptographically relevant quantum computer can recover a private key from its public key, any long-lived signature still being verified under that key can be forged, so artifacts signed today and checked years from now cannot be trusted. Sigstore's roadmap includes ML-DSA support, and cosign already supports custom PQC signing keys via providers. This guide implements hybrid ML-DSA artifact signing, plans the Sigstore PQC migration, and maintains backward-compatible verification.

Advanced 13 min read

Bot PRs Against Public Repos: pull_request_target Exploitation and Forked-PR Secret Exfiltration

Automated bots in 2025-2026 submit crafted pull requests to public GitHub repositories exploiting pull_request_target (which runs with write permissions and secret access), environment variable exfiltration via workflow manipulation, and the trust boundary between forked PRs and the base repository. The 2025 tj-actions/changed-files compromise demonstrated the scale: one malicious workflow change reached 23,000+ repositories.

Advanced 13 min read

Shared-Kernel CI Runners: How Jobs Leak Secrets Across the Isolation Boundary

Self-hosted runners that execute concurrent jobs as containers on one host (Actions Runner Controller pods on a shared node, Docker-executor runners) share a Linux kernel across those jobs; GitHub-hosted runners avoid this by giving every job a fresh virtual machine. On a shared host, techniques including /proc filesystem traversal, cgroup namespace confusion, ptrace across job boundaries, and tmpfs timing attacks let one CI job read another job's environment variables and secrets, with no CVE required.

Intermediate 11 min read

AI-Assisted Vulnerability Discovery in CI/CD Pipelines

Anthropic's Red Team found 500+ validated high-severity vulnerabilities using LLM analysis — including kernel bugs undetected for 23 years. Integrate AI-assisted SAST into CI/CD pipelines, understand what LLMs find that rule-based tools miss, and manage false-positive fatigue at scale.

Intermediate 12 min read

AWS CodePipeline and CodeBuild Security Hardening

CodePipeline and CodeBuild run with IAM roles that can reach production infrastructure, pull secrets, and write to container registries. Overprivileged build roles, plaintext environment variable secrets, public-facing build environments, and unencrypted artifact buckets are the primary attack surface. Hardening requires least-privilege IAM, Parameter Store integration, VPC isolation, KMS artifact encryption, and manual approval gates for production.

Advanced 13 min read

Azure DevOps and Azure Pipelines Security Hardening

Azure Pipelines service connections hold keys to every environment the pipeline deploys to. Overpermissive service principals, classic pipeline authoring without audit trail, variable groups readable by any pipeline, and pull request builds running untrusted contributor code are the most common attack paths. This article covers YAML pipelines, service connection scoping, workload identity federation, protected resources, agent pool isolation, and branch policy enforcement.

Advanced 13 min read

Bazel Build System Security: Remote Execution, bzlmod, and Hermetic Hardening

Bazel's hermetic build model provides strong security properties by default, but remote execution, bzlmod registry trust, external repository rules, and remote cache poisoning introduce distinct attack surfaces. This guide covers hardening each layer end-to-end.

Advanced 12 min read

Docker BuildKit Cache Security: Preventing Cache Poisoning in CI/CD

BuildKit's cache backends — inline, registry, S3, and GitHub Actions — each carry distinct poisoning risks. This guide covers cache attack surface mapping, registry access controls, secrets in ARG vs --secret, multi-stage isolation, and provenance verification after cache-assisted builds.

Intermediate 12 min read

Securing CD Promotion Gates and Approval Workflows

Automatic promotion to production bypasses human verification and lets supply chain compromises reach live systems unopposed. Hardening promotion gates combines automated quality checks, cryptographic policy enforcement, and mandatory human approval to create a verifiable, audit-ready barrier between staging and production.

Advanced 13 min read

Monitoring CI/CD Pipelines for Security Anomalies and Pipeline Tampering

A compromised pipeline ships malicious code to production at scale. Learn what to monitor, which signals betray tampering, and how to wire audit logs, egress anomalies, and build provenance into a detection strategy.

Intermediate 12 min read

CircleCI Security Hardening: Contexts, OIDC, and Runner Isolation

The January 2023 CircleCI breach showed that CI platforms are high-value targets. Hardening CircleCI means securing contexts with group-based restrictions, replacing static credentials with OIDC tokens, locking down self-hosted runners, and preventing fork pipelines from touching secrets.

Advanced 13 min read

Container Image Provenance Attestations: SLSA and SBOM Attestation End-to-End

Attestations are signed metadata attached to a container image as a co-located OCI artifact. This article covers attaching and verifying SLSA build provenance and SBOM attestations using cosign, in-toto, and Kyverno.

Intermediate 12 min read

Container Vulnerability Scanning in CI/CD Pipelines: Trivy, Grype, and Policy Enforcement

Registry scanning finds CVEs only after an image has been pushed, often once it is already deployed; build-time scanning stops them before. Learn how to integrate Trivy and Grype into GitHub Actions and GitLab CI, set severity thresholds, suppress false positives with VEX, scan IaC, and feed results into Dependency Track for centralised vulnerability management.

Advanced 13 min read

Replacing Long-Lived CI/CD Cloud Credentials with Ephemeral OIDC Tokens

Long-lived AWS, GCP, and Azure credentials stored as CI secrets are a permanent liability. OIDC token exchange lets your pipeline mint short-lived cloud credentials per run, with no stored secrets and a complete audit trail.
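The entry above is about what the cloud side checks when a pipeline presents its OIDC token, and the check that most often goes wrong is the subject condition. The script below is an added example, not code from the article or from any cloud provider's SDK: it mints tokens with the claims GitHub puts in its Actions OIDC tokens (issuer, audience, a repo:org/repo:ref:... subject) and evaluates them against a trust policy written the way a cloud role trust condition is. Two deliberate simplifications are labelled in the code: the signature is HS256 with a constructed shared key standing in for GitHub's RS256 key (a real verifier fetches the issuer's JWKS), and wildcard matching stands in for the provider's StringLike operator. The repository names, key and timestamps are constructed.

```python
import base64
import hashlib
import hmac
import json
from fnmatch import fnmatchcase

ISSUER = "https://token.actions.githubusercontent.com"
# Constructed HS256 key standing in for GitHub's RS256 key (real verifiers fetch the JWKS)
SIGNING_KEY = b"constructed-oidc-signing-key"
NOW = 1_700_000_000  # constructed "current time" (epoch seconds)


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Issue a JWT the way the identity provider would (HS256 stand-in)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = _b64url(hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


def verify_token(token: str, key: bytes = SIGNING_KEY) -> dict:
    """Check the signature (and pin the algorithm) before trusting any claim."""
    header, payload, sig = token.split(".")
    if json.loads(_unb64url(header)).get("alg") != "HS256":
        raise ValueError("bad signature")  # refuse algorithm confusion, e.g. alg=none
    expected = _b64url(hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    return json.loads(_unb64url(payload))


# Mirrors the condition block of a cloud role trust policy. The sub pattern uses
# wildcard matching in place of the provider's StringLike; pinning the exact ref
# is the point, because a fork PR or another branch gets a different sub.
TRUST_POLICY = {"iss": ISSUER, "aud": "sts.amazonaws.com",
                "sub": "repo:example-org/payments:ref:refs/heads/main"}
BROAD_POLICY = dict(TRUST_POLICY, sub="repo:example-org/payments:*")  # the common mistake


def allow_assume_role(token: str, policy: dict, now: int):
    """Return (allowed, reason) as the provider's token exchange would decide."""
    try:
        claims = verify_token(token)
    except ValueError as exc:
        return False, str(exc)
    if claims.get("iss") != policy["iss"]:
        return False, "issuer"
    aud = claims.get("aud")
    if policy["aud"] not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience"
    if not fnmatchcase(claims.get("sub", ""), policy["sub"]):
        return False, "subject"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    return True, "ok"


def gh_token(sub: str, key: bytes = SIGNING_KEY) -> str:
    """Constructed token carrying the claims GitHub puts in its OIDC tokens."""
    return mint_token({"iss": ISSUER, "aud": "sts.amazonaws.com", "sub": sub,
                       "repository": sub.split(":")[1], "exp": NOW + 600}, key)


MAIN_PUSH = gh_token("repo:example-org/payments:ref:refs/heads/main")
FORK_PR = gh_token("repo:example-org/payments:pull_request")
OTHER_REPO = gh_token("repo:example-org/sandbox:ref:refs/heads/main")
FORGED = gh_token("repo:example-org/payments:ref:refs/heads/main", key=b"attacker-key")

if __name__ == "__main__":
    for name, tok in [("main push", MAIN_PUSH), ("fork PR", FORK_PR),
                      ("other repo", OTHER_REPO), ("forged", FORGED)]:
        print(f"{name:>10}: exact={allow_assume_role(tok, TRUST_POLICY, NOW)}"
              f" broad={allow_assume_role(tok, BROAD_POLICY, NOW)}")
```

The BROAD_POLICY result is the one to notice: repo:example-org/payments:* accepts the pull_request subject too, so a workflow triggered by a fork PR can assume the production role. Pin the subject to the deploying ref or environment, and keep the audience check; without it a token minted for another relying party is accepted here.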

Advanced 13 min read

GitHub Actions Self-Hosted Runner Hardening: Registration, Isolation, and Ephemeral Patterns

Self-hosted runners execute arbitrary workflow code on infrastructure you own. Hardening the runner binary, isolating the host, restricting network egress, and enforcing ephemeral patterns closes the gap between CI convenience and production-grade security.

Intermediate 10 min read

GitLab GraphQL CSRF: CVE-2026-4922 and Insufficient Token Validation

CVE-2026-4922 lets unauthenticated attackers trigger privileged GitLab operations via CSRF against the GraphQL API. A logged-in user visiting a malicious page can have their code, pipelines, and settings modified without interaction. Patch and enforce SameSite cookies.

Intermediate 12 min read

Go Module Supply Chain Security: Proxy, Checksums, govulncheck, and Private Modules

Go's module proxy and checksum database provide a strong foundation for supply chain security, but only when teams understand what they protect against — and what they don't. This article covers the full Go module security model: go.sum verification, govulncheck in CI, GONOSUMDB and GOPRIVATE pitfalls, private module proxies with Athens, replace directive risks, and vanity import path hardening.

Intermediate 12 min read

IaC Security Scanning in CI/CD: Checkov, tfsec, and Policy-as-Code for Terraform, CloudFormation, Kubernetes, and Helm

A practical guide to catching infrastructure misconfigurations before they reach production — covering Checkov, tfsec, Trivy, KICS, terrascan, and conftest integrated into GitHub Actions with SARIF annotations, custom policies, false positive suppression, and severity-based blocking.

Intermediate 12 min read

Infrastructure Drift Detection: Closing the Gap Between IaC State and Live Infrastructure

Manual changes, emergency fixes, and console hotpatches silently diverge your infrastructure from the IaC source of truth—bypassing security review and accumulating compliance debt. Learn to detect, alert on, and prevent drift using Terraform plan schedules, Driftctl, Argo CD self-heal, Flux reconciliation, AWS Config, and CloudTrail analysis.

Intermediate 12 min read

Kubernetes Manifest Validation in CI: Catching Security Issues Before Deployment

Runtime admission controllers catch bad manifests at deploy time — when it's too late for the developer and too slow for the pipeline. Shift manifest security left with kubesec, Trivy, Conftest, Kyverno CLI, and Polaris in GitHub Actions to fail PRs before anything reaches the cluster.

Intermediate 11 min read

Automating License Compliance Checks in CI/CD Pipelines

A copyleft dependency buried three levels deep in your transitive graph can impose licence obligations on the product that ships it, up to releasing your own source under the same terms. Automated license scanning in CI catches that before it ships.

Intermediate 12 min read

Maven and Gradle Build Security: Supply Chain Hardening for Java/JVM Projects

Maven Central and Gradle Plugin Portal are high-value supply chain targets. Dependency verification with checksums and PGP, OWASP Dependency-Check integration, private repository proxies, wrapper JAR validation, artifact signing, and reproducible builds close the attack surface.

Intermediate 12 min read

Securing Docker Multi-Stage Builds to Minimise Attack Surface in Production Images

Single-stage Dockerfiles ship compilers, package caches, and debug tools straight to production. Multi-stage builds with distroless or scratch final images, digest-pinned bases, and Hadolint linting keep the attack surface to the absolute minimum.

Intermediate 11 min read

Pre-Commit Hooks for Security Enforcement in Development Workflows

Pre-commit hooks catch secrets, misconfigurations, and vulnerable code at commit time — before they reach CI or a remote repository. This article covers the pre-commit framework, key security hooks, team-wide enforcement, and the architectural limits of client-side hooks.

Advanced 12 min read

Pulumi Security Hardening: State, Secrets, CrossGuard, and OIDC Authentication

Pulumi state files hold every resource attribute your infrastructure owns. Locking down state backends, encrypting secrets with KMS, enforcing policy as code with CrossGuard, and replacing API tokens with OIDC are the controls that prevent a compromised CI pipeline from becoming a full infrastructure takeover.

Intermediate 12 min read

Python Packaging Security in CI/CD Pipelines

PyPI supply chain attacks, typosquatting, and malicious install-time code are live threats to every Python CI pipeline. This guide covers pip-audit, hash-pinned requirements, Poetry lock file verification, private PyPI mirrors, OIDC trusted publishing, and Dependabot configuration to close the gaps.

Intermediate 12 min read

Rust and Cargo Supply Chain Security: cargo-audit, cargo-deny, and Build Script Risks

Rust's memory safety guarantees end at the crate boundary. Build scripts execute arbitrary code at compile time, proc macros run inside the compiler, and crates.io has no mandatory code review. This article covers cargo-audit, cargo-deny, Cargo.lock strategy, cargo-vet, private registry pinning, and reproducible builds to harden the Rust supply chain.

Intermediate 12 min read

Integrating SAST into CI/CD Pipelines: Semgrep, CodeQL, and False Positive Management

A practical guide to embedding Static Application Security Testing into CI/CD pipelines — covering Semgrep custom rules, CodeQL queries, language-specific scanners, SARIF output, and the critical discipline of keeping false positive rates low enough that developers don't tune out alerts.

Intermediate 12 min read

Secret Scanning in CI/CD Pipelines: Detecting Leaked Credentials Before They Cause Damage

Secrets end up in git history through committed .env files, debug logging, and convenience shortcuts. Once pushed, a secret must be treated as compromised: rewriting history removes it from the repository, not from clones, forks, CI caches, or an attacker's copy, so rotation is the only real fix. This article covers pre-commit hooks, Gitleaks and TruffleHog integration, GitHub and GitLab native scanning, false positive management, and incident response when a secret is found.

Intermediate 13 min read

SOX-Compliant Deployment Pipelines: Segregation of Duties and Immutable Change Evidence

Sarbanes-Oxley Section 404 internal-control audits expect that no single individual can both develop code and deploy it to production financial systems. Modern CI/CD pipelines can satisfy SOX IT General Controls — but only with explicit segregation of duties, immutable audit trails, and change management integration. This guide implements SOX-compliant pipeline controls using GitHub Actions and GitLab CI.

Advanced 13 min read

Enforcing Software Supply Chain Security Policies at Deploy Time

CI can be bypassed, misconfigured, or compromised — but admission control cannot be skipped. This article covers the deploy-time gate as the final, non-negotiable supply chain checkpoint: image signing, SLSA provenance, SBOM attestation, vulnerability gating, Sigstore policy-controller, Kyverno, OPA Gatekeeper, slsa-verifier, and air-gapped deployments.

Intermediate 11 min read

CI/CD Webhook Security Hardening: GitHub, GitLab, and Generic Receivers

Unsecured webhook receivers are a reliable path to triggering arbitrary pipeline executions, bypassing branch protections, and exfiltrating infrastructure secrets. This article covers HMAC signature verification for GitHub and GitLab webhooks, replay attack prevention, receiver hardening, IP allowlisting, secret rotation, and Jenkins CSRF protection.
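The receiver-side checks the entry above lists (signature verification, replay prevention, and the GitLab variant) fit in one small class. The code below is an added example, not code from the article, GitHub or GitLab. It uses the real header names (X-Hub-Signature-256 and X-GitHub-Delivery for GitHub, X-Gitlab-Token for GitLab); the secret, delivery id, payload and timestamps are constructed. Because GitHub sends no timestamp header, replay protection here is a time-bounded cache of delivery ids, which is an assumption of this design rather than something the platform provides.

```python
import hashlib
import hmac
import json


def github_signature(secret: bytes, raw_body: bytes) -> str:
    """Value GitHub puts in X-Hub-Signature-256: HMAC-SHA256 over the raw body."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


class GitHubWebhookReceiver:
    def __init__(self, secret: bytes, replay_window_s: int = 300):
        self.secret = secret
        self.window = replay_window_s
        self._seen = {}  # X-GitHub-Delivery id -> time first accepted

    def verify(self, headers: dict, raw_body: bytes, now: float):
        """Return (accepted, reason). raw_body must be the bytes as received;
        re-serialising the JSON changes whitespace and breaks the MAC."""
        sig = headers.get("X-Hub-Signature-256", "")
        if not sig.startswith("sha256="):
            return False, "missing-signature"
        if not hmac.compare_digest(github_signature(self.secret, raw_body), sig):
            return False, "bad-signature"  # constant-time compare, after the prefix check
        delivery = headers.get("X-GitHub-Delivery")
        if not delivery:
            return False, "missing-delivery-id"
        # No timestamp header from GitHub, so replay protection is a bounded
        # cache of delivery ids; entries older than the window are evicted.
        self._seen = {d: t for d, t in self._seen.items() if now - t < self.window}
        if delivery in self._seen:
            return False, "replay"
        self._seen[delivery] = now
        return True, "ok"


def verify_gitlab(headers: dict, expected_token: str) -> bool:
    """GitLab sends a static shared secret, not a MAC: compare it in constant
    time and treat it as a bearer credential (rotate it, never log it)."""
    return hmac.compare_digest(headers.get("X-Gitlab-Token", ""), expected_token)


# Constructed delivery: a push event to main, signed with a constructed secret
SECRET = b"constructed-webhook-secret"
BODY = json.dumps({"ref": "refs/heads/main", "after": "0" * 40}).encode()
HEADERS = {"X-Hub-Signature-256": github_signature(SECRET, BODY),
           "X-GitHub-Delivery": "4d8f2c1e-constructed-delivery-id"}


def run_scenario():
    """Exercise the receiver: first delivery, replay, tampered body, missing
    signature, and the same id again after the window has elapsed."""
    rx = GitHubWebhookReceiver(SECRET, replay_window_s=300)
    tampered = BODY.replace(b"refs/heads/main", b"refs/heads/evil")
    return [
        rx.verify(HEADERS, BODY, now=1000.0)[1],
        rx.verify(HEADERS, BODY, now=1001.0)[1],
        rx.verify(HEADERS, tampered, now=1002.0)[1],
        rx.verify({"X-GitHub-Delivery": "other-id"}, BODY, now=1003.0)[1],
        rx.verify(HEADERS, BODY, now=1400.0)[1],
    ]


if __name__ == "__main__":
    print(run_scenario())
```

The last scenario result is the caveat: once the window passes, the same delivery id is accepted again, so an in-memory cache only bounds replay to the window and to one receiver process. If redelivery must be rejected for longer, record delivery ids durably (a unique key in the store that triggers the pipeline) and combine the check with the IP allowlist the entry mentions.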

Intermediate 11 min read

GitHub Actions Supply Chain: The Trivy Action Compromise and SHA Pinning

TeamPCP rewrote 76 of 77 aquasecurity/trivy-action release tags with credential-stealing malware in March 2026. If your workflow pinned to a tag like @v0.25.0 rather than a commit SHA, you ran the malicious version. Learn how SHA pinning and action verification close this gap.

Advanced 11 min read

GitHub Enterprise Server RCE via Git Push: CVE-2026-3854

CVE-2026-3854 allows any user with push access to achieve RCE on GitHub Enterprise Server by injecting HTTP/2 header delimiters into git push options. Patch to GHES 3.19.3+ and harden push option handling across self-hosted git infrastructure.

Intermediate 10 min read

npm Lockfile Integrity: What package-lock.json Protects Against (and What It Doesn't)

Lockfile integrity hashes would not have caught the Axios 1.14.1 attack — the malicious tarball was legitimately published, so the hash was correct. Understand what lockfiles do and don't protect against, enforce npm ci in CI, and detect lockfile tampering.
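To make the entry's point concrete: a lockfile integrity field is a hash of whatever the registry served when the lock was written, so it proves the tarball has not changed since then, not that it was ever safe. The script below is an added example, not code from the article or from npm. It reproduces the sha512 subresource-integrity format package-lock.json uses, shows a malicious tarball verifying cleanly because its hash was recorded at publish time, and adds two checks that npm ci does not perform on its own: resolved URLs that drift off the expected registry and integrity fields weaker than sha512. The lockfile, tarball bytes and package names are constructed; the trusted-host set is an assumption.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlparse

ALLOWED_HOSTS = {"registry.npmjs.org"}  # assumption: only the public registry is trusted


def sri(data: bytes, algo: str = "sha512") -> str:
    """Subresource-integrity string as npm stores it: '<algo>-<base64 digest>'."""
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()


def verify_integrity(entry: dict, tarball: bytes) -> bool:
    """What npm does at install time: hash the downloaded tarball and compare."""
    algo = entry["integrity"].partition("-")[0]
    return hmac.compare_digest(sri(tarball, algo), entry["integrity"])


def lockfile_findings(lock: dict):
    """Checks npm ci does not make: resolved URL drift off the registry and
    integrity fields that are missing or weaker than sha512."""
    out = []
    for name, entry in lock.get("packages", {}).items():
        if name == "":
            continue  # the root project entry has no tarball
        resolved = entry.get("resolved", "")
        url = urlparse(resolved)
        if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
            out.append((name, f"off-registry:{resolved or '<none>'}"))
        if not entry.get("integrity", "").startswith("sha512-"):
            out.append((name, "weak-or-missing-integrity"))
    return out


# Constructed tarball contents; real ones are gzipped tar archives
GOOD_TARBALL = b"constructed tarball bytes for pkg-a 1.0.0"
MALICIOUS_TARBALL = b"constructed tarball bytes for pkg-a 1.0.1 with a postinstall stealer"

# Constructed package-lock.json (lockfileVersion 3 layout): one clean entry,
# one pulled from a non-registry mirror, one with a sha1 integrity field
LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/pkg-a": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/pkg-a/-/pkg-a-1.0.0.tgz",
            "integrity": sri(GOOD_TARBALL),
        },
        "node_modules/pkg-b": {
            "version": "2.1.0",
            "resolved": "http://mirror.example.internal/pkg-b-2.1.0.tgz",
            "integrity": sri(b"constructed pkg-b bytes"),
        },
        "node_modules/pkg-c": {
            "version": "0.3.0",
            "resolved": "https://registry.npmjs.org/pkg-c/-/pkg-c-0.3.0.tgz",
            "integrity": sri(b"constructed pkg-c bytes", "sha1"),
        },
    },
}


def hijacked_publish_passes() -> bool:
    """The lockfile written for a *new* version pins whatever the registry
    served, so a tarball published with a stolen token verifies cleanly."""
    fresh_entry = {"integrity": sri(MALICIOUS_TARBALL)}  # what a fresh `npm install pkg-a@1.0.1` records
    return verify_integrity(fresh_entry, MALICIOUS_TARBALL)


if __name__ == "__main__":
    print("pkg-a ok:", verify_integrity(LOCK["packages"]["node_modules/pkg-a"], GOOD_TARBALL))
    print("hijacked 1.0.1 still verifies:", hijacked_publish_passes())
    print("lockfile findings:", lockfile_findings(LOCK))
```

npm ci already refuses to run when package.json and the lockfile disagree and fails on an integrity mismatch; what it will not tell you is that a dependency's resolved URL now points at a mirror nobody approved, or that an integrity field was downgraded, both of which show up in a PR diff of the lockfile as a single changed line and are exactly what lockfile_findings flags.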

Intermediate 10 min read

Argo Workflows Controller DoS: Hardening Against CVE-2026-40886

CVE-2026-40886 crashes the Argo Workflows controller with a single malformed pod annotation. Learn how the silent-patch pattern enabled this and how to harden your cluster against annotation-injection DoS attacks.

advanced 16 min read

Crossplane Provider and Credential Security

Harden Crossplane provider credentials against over-scoped cloud access, composite resource privilege escalation, and the silent-fix pattern in Crossplane's distributed provider release ecosystem.

advanced 16 min read

Go Crypto and x509 Security in CI/CD Pipelines

Track and remediate Go toolchain and standard library CVEs like the CVE-2026-33810 x509 name-constraint bypass across CI/CD toolchains: govulncheck, binary auditing, and the silent propagation of Go crypto fixes.

Intermediate 11 min read

npm Publish Account Hardening: Lessons from the Axios Maintainer Compromise

The Axios attacker bypassed GitHub Actions OIDC by publishing with a stolen npm token. Harden maintainer accounts with hardware-key 2FA, scoped automation tokens, out-of-band publish detection, and npm provenance attestations.

Intermediate 10 min read

GitOps for OT Network Configuration: Preventing Conduit Drift

CISA identifies configuration drift as a key OT vulnerability. Manage firewall conduit rules and switch configs as Git-versioned code — with peer review, automated compliance checks, and drift detection that alerts when rules silently reopen IT-to-OT paths.

Intermediate 11 min read

OT Patch Management: Secure Update Pipelines for ICS Environments

CISA identifies OT supply chain management as the most strategic security lever. Build patch pipelines that validate firmware SBOMs, enforce time-limited vendor access, and stage updates on replica systems before deploying to live OT.

advanced 16 min read

Argo CD ApplicationSet and Cluster Generator Security

Harden Argo CD ApplicationSet controllers against cluster generator privilege escalation, Git generator path traversal, and the recurring pattern of security fixes shipped without advance advisory.

advanced 16 min read

Dagger Pipeline Security

Harden Dagger CI/CD pipeline-as-code deployments by securing the engine API socket, scoping container privileges, protecting secrets, and tracking silent security fixes in Dagger releases.

intermediate 14 min read

GitHub App Installation Token Security

Replace long-lived Personal Access Tokens with scoped, short-lived GitHub App installation tokens, and harden App private key storage, permission minimization, and token rotation.

intermediate 15 min read

Harbor Container Registry Security Hardening

Harden Harbor container registry against CVE-2026-4404 hardcoded credential compromise, image tampering, and the silent-fix disclosure pattern in Harbor's rapidly evolving release cycle.

intermediate 15 min read

OpenTofu Provider and Module Supply Chain Security

Secure OpenTofu and Terraform provider initialization against CVE-2026-32280-class TLS chain attacks, malicious module archives, and silent DoS fixes visible before patched releases ship.

intermediate 14 min read

Trusted Publishing to npm and PyPI with OIDC

Eliminate long-lived publish tokens by configuring OIDC-based trusted publishing from GitHub Actions to npm and PyPI, and monitor open source package registry security advisories.

intermediate 13 min read

Argo CD Security Hardening: RBAC, SSO, and Repository Access Controls

Argo CD controls what deploys to your Kubernetes clusters. Weak RBAC, default credentials, insecure repository access, and overpermissive cluster roles make it a high-value attack target. Hardening it limits blast radius from credential compromise.

advanced 16 min read

BuildKit Rootless Build Security

Secure BuildKit rootless container builds by hardening user namespace isolation, build secret handling, cache poisoning defences, and daemon privilege scoping.

intermediate 13 min read

Flux CD Security: GitRepository Authentication, Kustomization Trust, and RBAC

Flux continuously reconciles Kubernetes cluster state with Git repositories. Its service accounts need Kubernetes write access; its Git credentials need repository read access. Scoping both correctly, verifying source authenticity, and auditing reconciliation events prevents Flux from becoming a privileged attack vector.

intermediate 13 min read

GitLab CI Security: Protected Variables, Runner Isolation, and Pipeline Hardening

GitLab CI pipelines have access to deployment credentials, cloud provider tokens, and production secrets. Unprotected variables, shared runners with broad permissions, and unrestricted pipeline triggers expose these secrets to any developer with repository access.

intermediate 14 min read

Jenkins Security Hardening: Authentication, Plugin Management, and Agent Isolation

Jenkins is one of the most common CI/CD platforms and one of the most commonly compromised. Default credentials, unauthenticated endpoints, unaudited plugins, and agents with excessive host access create a broad attack surface. Hardening Jenkins requires authentication enforcement, plugin minimisation, and agent sandboxing.

intermediate 13 min read

Tekton Pipeline Security: TaskRun Isolation, Workspace Permissions, and RBAC

Tekton runs CI/CD pipelines as Kubernetes pods. Each TaskRun executes in its own pod, but shared workspaces, overpermissive RBAC, and unrestricted step images allow a malicious pipeline step to access other steps' data, reach the Kubernetes API, or persist state across runs.

intermediate 12 min read

Branch Protection and Code Review Security at Scale

Branch protection rules prevent force-pushes, require review, and gate on status checks. At scale across hundreds of repos, enforcement requires the Rulesets API, CODEOWNERS, and automated compliance checks.

intermediate 13 min read

Container Build Hardening: BuildKit Secrets, Rootless Builds, and Multi-Stage Security

Most Dockerfiles leak secrets into image layers, run builds as root, and produce images larger than necessary. BuildKit secrets, rootless mode, multi-stage builds, and Hadolint fix all three.

intermediate 13 min read

Private Package Registry Security: Dependency Confusion and Namespace Protection

Dependency confusion attacks exploit the gap between private package names and public registries. Private registries with scope enforcement, upstream proxying, and integrity verification close the gap.

intermediate 13 min read

Terraform State Security: Remote Backends, Encryption, and Drift Detection

Terraform state files contain plaintext secrets, resource IDs, and full infrastructure topology. Securing the backend, encrypting state at rest, locking against concurrent writes, and detecting config drift are all required.

intermediate 13 min read

GitHub Advanced Security: Secret Scanning, CodeQL, and Dependabot at Scale

GHAS ships three controls — secret scanning, code scanning with CodeQL, and Dependabot — that organisations routinely leave at defaults. Hardened configuration dramatically changes what gets caught.

intermediate 13 min read

Just-in-Time CI Access for Production Deploys: Approval Flows and Bounded Permissions

Standing CI permissions are a liability. JIT mints production permissions only at deploy time, with explicit approval and short lifetime.

intermediate 13 min read

Renovate and Dependabot Security Configuration: Auto-Merge Boundaries and Scope Rules

Bots that update dependencies are great until one auto-merges a malicious release. The defaults are safe-ish; the configuration that makes them production-safe is more deliberate.

intermediate 13 min read

GitHub Apps vs PATs vs Deploy Keys vs OIDC: Choosing the Right SCM Identity

Four identity types, four very different scope/lifetime/permission models. Pick wrong and you ship the wrong-shaped credential to every CI run for years.

intermediate 13 min read

Sigstore Keyless Signing and Cosign Verification: Fulcio, Rekor, and Policy Enforcement

Keyless signing eliminates long-lived signing keys by issuing short-lived certificates from Fulcio and recording signatures in the Rekor transparency log. Cosign wires it into CI/CD.

advanced 14 min read

Ephemeral CI Runners with Firecracker and Kata: VM-Level Isolation for Build Jobs

Container-based CI runners share a host kernel. Firecracker and Kata give each job its own kernel and a fresh VM — large blast-radius reduction, modest cost.

intermediate 15 min read

OIDC Federation Hardening: Locking Down CI-to-Cloud Trust Policies

OIDC federation between CI and cloud removes long-lived secrets. The trust policies that grant the access are the new attack surface, and most are too loose.
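The looseness the blurb refers to lives in the Condition block of the cloud-side trust policy. For GitHub Actions federating into AWS, the provider-issued `sub` claim is what distinguishes the main branch of one repository from a pull request in someone else's, and a policy that only checks `aud` lets any repository on github.com assume the role. The evaluator below is an added example written for this index, not code from the article or from AWS; it models only the StringEquals and StringLike operators, matches keys case-sensitively, and uses the documentation placeholder account ID.

```python
import re

ISSUER = "token.actions.githubusercontent.com"
SUB_KEY = f"{ISSUER}:sub"
AUD_KEY = f"{ISSUER}:aud"


def trust_policy(condition: dict) -> dict:
    """Role trust policy for the GitHub OIDC provider with the given Condition block."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


# Constructed policies: the first is the common too-loose shape, the second is scoped.
LOOSE_TRUST_POLICY = trust_policy({"StringEquals": {AUD_KEY: "sts.amazonaws.com"}})
TIGHT_TRUST_POLICY = trust_policy({
    "StringEquals": {AUD_KEY: "sts.amazonaws.com"},
    "StringLike": {SUB_KEY: ["repo:acme/payments:ref:refs/heads/main",
                             "repo:acme/payments:environment:prod"]},
})


def _like(pattern: str, value: str) -> bool:
    """IAM StringLike: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def condition_matches(condition: dict, claims: dict) -> bool:
    """Simplified IAM evaluation: every operator/key pair must match, a list of
    values under one key is an OR, and a key absent from the token fails closed."""
    for operator, keys in condition.items():
        for key, patterns in keys.items():
            patterns = [patterns] if isinstance(patterns, str) else patterns
            actual = claims.get(key)
            if actual is None:
                return False
            if operator == "StringEquals":
                if actual not in patterns:
                    return False
            elif operator == "StringLike":
                if not any(_like(p, actual) for p in patterns):
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def assume_allowed(policy: dict, claims: dict) -> bool:
    """True if some Allow statement for AssumeRoleWithWebIdentity matches the claims."""
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        if condition_matches(stmt.get("Condition", {}), claims):
            return True
    return False


def lint_trust_policy(policy: dict) -> list[str]:
    """Flag the usual ways a GitHub OIDC trust policy ends up too loose."""
    problems = []
    for i, stmt in enumerate(policy["Statement"]):
        subs = []
        for op in stmt.get("Condition", {}).values():
            v = op.get(SUB_KEY)
            if v is not None:
                subs.extend(v if isinstance(v, list) else [v])
        if not subs:
            problems.append(f"statement {i}: no {SUB_KEY} condition, so any GitHub repository can assume the role")
        for s in subs:
            m = re.fullmatch(r"repo:([^:]*):(.*)", s)
            if m is None or "*" in m.group(1):
                problems.append(f"statement {i}: wildcard repository in sub pattern {s!r}")
            elif m.group(2) == "*":
                problems.append(f"statement {i}: sub pattern {s!r} matches every branch, tag, pull request and environment of the repository")
    return problems
```

The `sub` claim format is the provider's (`repo:<owner>/<repo>:ref:refs/heads/<branch>`, `repo:<owner>/<repo>:pull_request`, `repo:<owner>/<repo>:environment:<name>`), so the patterns above are only as precise as the claim the provider issues; a wildcard after the repository name reopens pull requests and every branch at once.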

intermediate 14 min read

Branch Protection and Repository Policy as Code: Terraform GitHub for Hundreds of Repos

Hand-clicking branch protection rules across 200 repos guarantees drift. Terraform + the github provider + a shared module makes it auditable, reviewable, and reversible.

intermediate 15 min read

CI/CD Pipeline Egress Control: Runner Network Isolation, Allowlists, and Supply-Chain Exfiltration Defense

Most build pipelines run with unrestricted outbound internet. A single compromised dependency exfiltrates secrets, tokens, and source code in seconds.

advanced 24 min read

Software Supply Chain and Third-Party Exposure: Defending Against Upstream Compromise

Attackers no longer need to breach you directly when they can compromise a vendor, open-source library, or managed service provider that you trust. A single poisoned dependency can cascade into thousands of downstream organisations. This article covers the controls that detect and contain supply chain compromise.

intermediate 16 min read

Secret Management in CI/CD Pipelines: Vault, SOPS, and OIDC Federation

Static credentials in CI/CD pipelines are the leading cause of secret sprawl. Teams store long-lived API keys, database passwords, and cloud provider...

intermediate 14 min read

Software Bill of Materials (SBOM) Generation and Consumption in CI/CD

SBOM generation is easy: run Syft and get a list of every package in your container image.

intermediate 16 min read

Terraform Security: State File Protection, Provider Pinning, and Plan Review Automation

Terraform state files record every resource attribute, including secrets, IP addresses, and configuration details of your infrastructure, in plaintext JSON.

intermediate 16 min read

Container Registry Security: Access Control, Vulnerability Scanning, and Garbage Collection

Container registries store the most sensitive artifacts in your deployment pipeline.

intermediate 14 min read

Pipeline-as-Code Security: Preventing CI Configuration Tampering

CI/CD pipeline definitions live alongside application code in Git.

intermediate 17 min read

Hardening Helm Values: Schema Validation, Secret Injection, and Security Defaults

Helm values files control security-critical Kubernetes fields like security contexts, image references, and resource limits. Without schema validation, a single misconfigured value can deploy a privileged container or pull an unscanned image.

intermediate 18 min read

Securing CI/CD Runners: Isolation, Credential Scoping, and Ephemeral Environments

CI/CD runners are the most privileged, least monitored components in most infrastructure.

intermediate 14 min read

Securing Helm Charts: Chart Signing, Value Injection, and Template Security

Helm is the dominant package manager for Kubernetes, but most teams install charts without verifying provenance, pass unvalidated values that end up...

intermediate 16 min read

Helm Supply Chain Security: OCI Registries, Provenance Verification, and Chart Mirroring

Helm charts pulled from public repositories are unsigned, unverified, and executed with whatever permissions their templates request. This article covers OCI-based chart storage, cosign signing and verification, chart mirroring for airgapped environments, and Kyverno policies to enforce signed charts.

advanced 16 min read

Artifact Integrity Verification: Checksums, Signatures, and Transparency Logs

Build artifacts pass through multiple stages between source code and production deployment.

intermediate 16 min read

Securing GitHub Actions: Permissions, Pinning, and Workflow Injection Prevention

GitHub Actions is the most widely used CI/CD platform, but its security model is scattered across dozens of documentation pages.

intermediate 14 min read

Dependency Pinning and Lockfile Integrity: Preventing Supply Chain Attacks in CI

Dependency confusion and typosquatting attacks exploit the gap between "I declared a dependency" and "I verified the dependency I got." Version pinning...

advanced 15 min read

Reproducible Builds for Container Images: Achieving Deterministic Output

Two builds from the same source code should produce the same container image. In practice, they almost never do.

intermediate 16 min read

GitOps Security Model: Separation of Duties, Drift Detection, and Rollback Controls

GitOps centralizes deployment authority in Git repositories. Tools like ArgoCD and Flux watch Git repositories and reconcile cluster state to match...

advanced 16 min read

SLSA Provenance for Container Images: From Build to Admission Control

Without provenance, you cannot prove where a container image came from, what source code it was built from, or whether the build process was tampered...