6 hours ago · Tech · 0 comments

This is a follow-up to my older post “7 Best Practices of Modern CI/CD”. The points outlined there still hold true, but they are missing several important security considerations. Today, in 2026, CI/CD pipelines have become one of the key supply chain attack vectors (refer, for example, to the recent Trivy compromise). That warrants an update.

1. Redundancy: At Least 2 Independent Systems Need to Fail for a Successful Compromise

This is the core principle, but it is also abstract; the following ones will be more actionable. Here we assume that a compromise may already have happened somewhere. Therefore, each system must be designed such that no single compromised system is enough for an attacker to reach their goal. See a practical implementation of this principle in the ReARM Blog.

2. Different Pipelines Must Not Share Credentials

Consider a traditional GitHub Actions publishing pipeline for a library. All workflow YAML files are located in one directory. One of…
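As an added illustration of the second point (example configuration written for this edit, not from the original post or from the ReARM project; the package registry, the secret name NPM_TOKEN and the environment name "release" are hypothetical), here is the weak layout in which a repository-level publishing secret is reachable from any workflow in the directory, beside a layout in which the secret is scoped to the release job only:

```yaml
# Added example (not from the original post). Repository layout, secret
# names and the "release" environment name are hypothetical.

# --- WEAK: .github/workflows/ci.yml ---------------------------------------
# A repository-level secret is readable by every workflow in
# .github/workflows. The test job does not need a publishing token, yet a
# compromised test step (or a malicious dependency executed by `npm test`)
# can exfiltrate it. GITHUB_TOKEN is also left at its default broad scope.
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}   # publishing credential shared with CI

---
# --- CORRECTED: .github/workflows/ci.yml ---------------------------------
name: ci
on: [push, pull_request]
permissions:
  contents: read            # GITHUB_TOKEN is itself a credential: read-only for CI
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test   # no publishing secret is referenced here

---
# --- CORRECTED: .github/workflows/release.yml ----------------------------
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    environment: release      # NPM_TOKEN is stored as an environment secret,
                              # so only jobs that declare this environment see it
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          registry-url: https://registry.npmjs.org   # writes .npmrc from NODE_AUTH_TOKEN
      - run: npm ci
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

The `---` separators mark three separate files shown in one block. In the corrected layout the publishing token is an environment secret, which GitHub only injects into jobs that declare `environment: release`; the environment's protection rules (required reviewers, which branches or tags may deploy) are set in the repository settings, not in the YAML. A compromised CI workflow then holds only a read-only GITHUB_TOKEN and no publishing credential, so reaching the registry requires defeating both the release environment's rules and the tag-push trigger, which is the first principle applied to this case. Where the registry supports OIDC-based publishing, the long-lived token can be removed entirely.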
