#cicd-security

[ follow ]
#secret-scanning #github-actions #sbom #zero-trust #software-supply-chain #dependency-management
Information security
fromInfoQ
1 week ago

Trust No One: Securing the Modern Software Supply Chain with Zero Trust

Apply Zero Trust principles to secure software supply chains and CI/CD pipelines by managing dependencies, enforcing controls, and embedding developer-focused security practices.
Information security
fromInfoQ
1 month ago

HashiCorp Warns Traditional Secret Scanning Tools Are Falling Behind

Traditional secret scanning tools fail to prevent secret exposure; prevention-first integration across developer tools, CI/CD pipelines, and incident response is required.
#github-actions
fromMedium
2 months ago
Information security

GitHub Actions as a Secure DevOps Orchestrator: Beyond CI/CD

GitHub Actions can serve as a security command center to automate SBOM creation, secret scanning, compliance enforcement, and to block risky deployments before production.
fromInfoQ
7 months ago
DevOps

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
more#github-actions
Information security
fromMedium
2 months ago

DevOps Quantum Leap: Emerging Use Cases of Quantum-Safe Cryptography

Integrate post-quantum cryptography into CI/CD pipelines now to protect secrets, keys, and infrastructure from future quantum-computer attacks.
[ Load more ]