Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Learn how insecure CI/CD pipeline defaults can create undetected supply chain vulnerabilities through a real-world security incident analysis. Explore the forensic investigation of a 2-year-old exposed token that enabled potential manipulation of public images and forced code signing credential revocation at an open-source company managing macOS, Linux, and Windows packages. Examine the detailed investigation process including registry image diffing, scanning across npm, PyPI, and Docker Hub, and token exposure tracing. Understand the root causes including inadequate artifact scanning, poor secret hygiene, and misplaced trust in CI defaults. Discover practical security improvements including automated scanners, proper secret permissions management, comprehensive security reviews, and additional mitigation strategies to prevent similar supply chain attacks from remaining undetected for extended periods.
