GigaTap articles tagged ci_cd.
- Mini Shai-Hulud: Where SLSA L2 Breaks - Valid SLSA attestations did not prevent a CI/CD compromise. Cache poisoning and token leakage exposed the limits of SLSA L2 isolation assumptions.
- GitLab Adds a CI Component Map for Version Drift - GitLab 19.0 gives platform teams visibility into where shared CI components are used, which versions are running, and where stale pipeline standards still
- Mini Shai-Hulud hits npm and CI trust paths - A fresh Mini Shai-Hulud campaign compromised npm packages, GitHub Actions, and PyPI entries, turning maintainer trust and CI secrets into the attack surfac
- Compromised npm packages put CI/CD secrets at risk - Microsoft says malicious @antv npm packages targeted GitHub Actions and cloud credentials through install-time execution.
- ship-safe scans the new agent-era security seam - A public GitHub project claims checks for CI/CD drift, agent permissions, MCP tool injection, secrets, and AI dependency risk. Useful idea, but verify scop