Securing CI/CD Pipelines: Best Practices 2022

Your CI/CD pipeline has more secrets than your production environment. It is a prime attack target.

Top Security Controls

  • OIDC Authentication: Use GitHub OIDC to assume AWS/Azure roles without storing long-lived credentials.
  • Least Privilege: Build agents should only have permissions to push images, not modify IAM.
  • Signed Commits: Require GPG-signed commits before triggering builds.
  • Dependency Pinning: Use SHA digests for Docker base images, not :latest.
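
A check for the dependency-pinning control above, as an added example that is not part of the original post: it scans a Dockerfile and reports every FROM line whose base image is not pinned to a sha256 digest. The function name, the sample Dockerfile and the all-zero digest are constructed for illustration.

```python
import re

# An image reference counts as pinned only if it ends in a full sha256 digest.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def unpinned_base_images(dockerfile_text):
    """Return [(line_no, image)] for each FROM not pinned to a sha256 digest."""
    findings, stages = [], set()
    for line_no, raw in enumerate(dockerfile_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].upper() != "FROM":
            continue
        # Drop flags such as --platform=linux/amd64 that precede the image.
        args = [p for p in parts[1:] if not p.startswith("--")]
        if not args:
            continue
        image = args[0]
        has_alias = len(args) >= 3 and args[1].upper() == "AS"
        # "scratch" is the empty image; an earlier stage name is not a pull.
        if image != "scratch" and image.lower() not in stages:
            # Tags (:latest, :3.19) are mutable. A build-arg reference such as
            # ${BASE} cannot be verified statically, so it is reported too.
            if not DIGEST.search(image):
                findings.append((line_no, image))
        if has_alias:
            stages.add(args[2].lower())
    return findings

# Constructed placeholder digest, not the digest of any real image.
FAKE_DIGEST = "sha256:" + "0" * 64

# Constructed sample Dockerfile covering the common cases.
SAMPLE = "\n".join([
    "FROM python:latest AS build",              # mutable tag: reported
    "RUN pip install -r requirements.txt",
    "FROM --platform=linux/amd64 alpine:3.19",  # version tag is still mutable
    f"FROM alpine@{FAKE_DIGEST} AS runtime",    # pinned by digest
    "FROM build AS test",                       # reference to an earlier stage
    "FROM scratch",                             # empty base image
])

if __name__ == "__main__":
    for line_no, image in unpinned_base_images(SAMPLE):
        print(f"line {line_no}: base image '{image}' is not pinned to a digest")
```

Run as a pipeline step, a non-empty result can fail the build before any image is pulled.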
