ci security
2 posts
Article
Workflows are code, not config
CI workflow modification executes under repository trust. The control surface is the file. The boundary is the weakest identity allowed to merge.
Article
Your security scanner is the breach.
Cisco source code stolen, AWS keys breached, 300 repositories cloned. The exfiltration channel was Trivy operating inside Cisco's CI pipeline.