CI/CD security
6 posts
Contractor PAT leaked 270GB of Times source
The 2024 NYT source code leak was not a credential breach. It was a credential sprawl chain. The mechanism, telemetry gaps, and what still applies.
Your GitHub commits were never trustworthy
Megalodon compromised 55,000 GitHub repositories. A technical breakdown of the trust boundary that failed and what repository owners must now verify.
A Trivy-based CI/CD misconfiguration led to credential exposure in a Cisco-related incident
A review of how a misconfigured Trivy scan in Cisco's CI/CD pipeline led to AWS credential exposure due to unverified post-scan execution. Explores the systemic failure behind treating scanning outputs as trusted signals.
ShinyHunters, Trivy, and the Pipeline Identity Problem
ShinyHunters cloned 300 Cisco repositories through Trivy running in a CI/CD pipeline. This is what failed structurally, why it failed, and what pipeline identity enforcement must look like.
Trivy Supply Chain Attack Exposes Cisco Source Code
ShinyHunters stole Cisco source code via Trivy supply chain attack due to exposed AWS keys in CI/CD pipelines. Here's how it happened and what you must fix now.
Trivy Supply Chain Attack Exposes Cisco's Source Code
ShinyHunters stole Cisco's source code via Trivy supply chain attack. A compromised Docker image led to AWS key exposure and 300 repos cloned. The real failure was trusting tools without verifying integrity.