Morningstar

Introducing Chainguard Actions: Trusted CI/CD Workflows for Developers and AI Coding Agents

CI/CD workflows operate with the highest privileges in modern software delivery, yet they remain among the least protected components in the development stack. As engineering teams increasingly build ...
CSOonline

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...
Visual Studio Magazine

Hardening CI/CD: Essential Strategies to Mitigate Security Risks

As DevOps practices mature and Continuous Integration/Continuous Deployment (CI/CD) pipelines become more deeply embedded in the software delivery lifecycle, the ...