Threat Modeling CI/CD Pipelines with OWASP and MITRE ATT&CK
Mapping Real-World Attack Paths to Supply-Chain Security Controls
Apr 18, 20269 min read
Command Palette
Search for a command to run...
#supply-chain
Articles tagged with #supply-chain
Governance by Design: M-of-N Approvals and Just-In-Time Authority for High-Risk CI/CD Actions
Replacing Standing Privilege with Contextual, Multi-Human Control
Apr 11, 20268 min read1The Dirty Laptop Hypothesis: Why Your CI/CD Approval UI Cannot Be Trusted
Physical Isolation as the Missing Primitive in DevSecOps Security Introduction: The Uncomfortable Truth About Developer Machines Security architecture often treats developer workstations as “trusted enough.” This is a comforting illusion. Modern dev...
Feb 11, 20263 min read2The Intent-Verification Gap in CI/CD: Why Authentication Fails Under Real Attacks
From Stochastic Trust to Deterministic Human Intent in Hostile Build Environments Introduction: The Assumption That Keeps Failing Modern CI/CD pipelines are built on a deceptively simple assumption: If an action originates from a valid session toke...
Feb 7, 20266 min read1How I Built a Physical Kill-Switch for CI/CD Pipelines to Stop SolarWinds-Style Attacks
From Stochastic Identity to Deterministic Intent: A Zero-Trust Architecture for Hostile Environments In December 2020, the SolarWinds Sunburst attack exposed a catastrophic flaw in how we think about CI/CD security. The attackers (APT29) didn't brea...
Feb 3, 202615 min read22