Search for a command to run...
Articles tagged with #ci-cd
Using WebAuthn as a Cryptographic Proof of Human Presence in Hostile Networks Introduction: Authentication That Fails in Real Attacks Most CI/CD systems rely on: TOTP codes Push notifications Long
Why High-Assurance Systems Must Treat Humans as Coercible Attack Surfaces Introduction: The Missing Threat Model in DevSecOps Most CI/CD security models treat the human operator as a trusted, volunta
Hardware-Rooted Intent Verification as a Trust Boundary Introduction: Why CI/CD Approval Must Leave the Laptop Modern CI/CD approval flows run on developer laptops. This is a structural error. Develo
Forcing Digital Supply-Chain Attacks Into the Physical World Introduction: Security Is Economics, Not Perfection Security architecture does not eliminate attacks.It reshapes the economics of attackin
Why Provenance Without Intent Is Not Enough Introduction: The Rise of Supply-Chain Frameworks Sigstore, in-toto, and SLSA represent real progress in supply-chain security. They provide: Artifact sig
Verifying CI/CD Artifacts Against Human-Signed Source Trees Introduction: The Build Server Is Not a Source of Truth Most CI/CD security models assume the build server is honest. This is a dangerous assumption. SolarWinds demonstrated that a build sy...