cicd-security
4 posts
A Trivy-based CI/CD misconfiguration led to credential exposure in a Cisco-related incident
A review of how a misconfigured Trivy scan in Cisco’s CI/CD pipeline led to AWS credential exposure due to unverified post-scan execution. Explores the systemic failure behind treating scanning outputs as trusted signals.
How Systems Inherit Trust Without Revalidating It
Systems inherit trust without revalidation, creating blind spots for persistent compromise. When execution relies on reference rather than verification, attackers exploit valid workflows to propagate silently across infrastructure.
How Trust in Open-Source Updates Becomes a Systemic Failure Mode
A structural analysis of how trust in open-source updates becomes exploitable when systems assume past safety implies future safety, using the Trivy compromise as a case study.
ShinyHunters, Trivy, and the Pipeline Identity Problem
ShinyHunters cloned 300 Cisco repositories through Trivy running in a CI/CD pipeline. This is what failed structurally, why it failed, and what pipeline identity enforcement must look like.