#cicd-security

from Techzine Global
3 days ago

Upwind raises $250 million for cloud security

Upwind focuses on securing public cloud environments with a so-called runtime-first approach. According to the company, traditional security models are increasingly out of step with modern cloud architectures, in which real-time applications and AI workloads play an increasingly important role. The CEO and co-founder argues that security should be based on what is actually happening in a cloud environment, rather than on static assumptions or snapshots.
Information security
from The Hacker News
2 weeks ago

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A CodeBuild misconfiguration (CodeBreach) allowed unauthenticated attackers to hijack AWS-managed GitHub repositories, risking supply-chain and platform-wide compromise across AWS environments.
from Theregister
2 weeks ago

A simple CodeBuild flaw put every AWS environment at risk

This vulnerability compromised a core library used in the AWS Console itself - the central nervous system of the cloud,
Information security
from InfoWorld
2 weeks ago

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A massive surge in attacks on the npm ecosystem over the past year reveals a stark shift in the software supply-chain threat landscape. What once amounted to sloppy typosquatting attempts has evolved into coordinated, credential-driven intrusions targeting maintainers, CI pipelines, and the trusted automation that underpins modern development. For security leaders, these aren't niche developer mishaps anymore - they're a direct pathway into production systems, cloud infrastructure, and millions of downstream applications.
Information security
from InfoWorld
1 month ago

AI in CI/CD pipelines can be tricked into behaving badly

AI agents in CI/CD pipelines can be manipulated via crafted GitHub issue or pull request text to execute high-privilege commands and disclose secrets.
Information security
from InfoQ
2 months ago

Trust No One: Securing the Modern Software Supply Chain with Zero Trust

Apply Zero Trust principles to secure software supply chains and CI/CD pipelines by managing dependencies, enforcing controls, and embedding developer-focused security practices.
Information security
from InfoQ
3 months ago

HashiCorp Warns Traditional Secret Scanning Tools Are Falling Behind

Traditional secret scanning tools fail to prevent secret exposure; prevention-first integration across developer tools, CI/CD pipelines, and incident response is required.
#github-actions
from Medium
4 months ago
Information security

GitHub Actions as a Secure DevOps Orchestrator: Beyond CI/CD

GitHub Actions can serve as a security command center to automate SBOM creation, secret scanning, compliance enforcement, and to block risky deployments before production.
from InfoQ
9 months ago
DevOps

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
Information security
from Medium
4 months ago

DevOps Quantum Leap: Emerging Use Cases of Quantum-Safe Cryptography

Integrate post-quantum cryptography into CI/CD pipelines now to protect secrets, keys, and infrastructure from future quantum-computer attacks.