CI/CD security

2 posts

Your GitHub commits were never trustworthy

Megalodon compromised 55,000 GitHub repositories. A technical breakdown of the trust boundary that failed and what repository owners must now verify.

May 24, 2026

Article

ShinyHunters, Trivy, and the Pipeline Identity Problem

ShinyHunters cloned 300 Cisco repositories through Trivy running in a CI/CD pipeline. This is what failed structurally, why it failed, and what pipeline identity enforcement must look like.

Apr 2, 2026