Building a security-conscious CI/CD pipeline
3y agoen
Source
SnykBuilding a security-conscious CI/CD pipelinesnyk.ioIn this post, we'll discuss CI/CD pipelines and how they can be configured to integrate security throughout the development process.
You might also wanna read
CI/CD Security Testing: Is Your CI/CD Pipeline Compliant?
Packetlabs·7mo ago
The OWASP Top 10 CI/CD Security Risks to Harden DevSecOps
Packetlabs·1y ago
Why Runtime Scanning Falls Short for CI/CD Supply Chain Security
This article argues that runtime scanning is insufficient for securing CI/CD supply chains because detection-based security alerts arrive on
hendryadrian.com·21d agoWhy software builds must be treated as observable processes, not binary actions
This article argues that software builds are commonly treated as a single binary action (success/failure) in CI/CD pipelines, but this abstr
Cordyceps CI/CD vulnerability exposes supply chain risks across major tech organizations
Security research from Novee Security reveals a CI/CD weakness called "Cordyceps" that allows unauthenticated GitHub users to hijack trusted
thenewstack.io·2d agoA brief (irreverent) history of software supply chain security from the 1990s to the AI era
A humorous, irreverent historical retrospective on software supply chain security, tracing the evolution from the late 1990s (when the autho

Comments
Sign in to join the conversation.
No comments yet. Be the first.