Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn how insecure CI/CD pipeline defaults can create undetected supply chain vulnerabilities through a real-world security incident analysis. Explore the forensic investigation of a 2-year-old exposed token that enabled potential manipulation of public images and forced code signing credential revocation at an open-source company managing macOS, Linux, and Windows packages. Examine the detailed investigation process including registry image diffing, scanning across npm, PyPI, and Docker Hub, and token exposure tracing. Understand the root causes including inadequate artifact scanning, poor secret hygiene, and misplaced trust in CI defaults. Discover practical security improvements including automated scanners, proper secret permissions management, comprehensive security reviews, and additional mitigation strategies to prevent similar supply chain attacks from remaining undetected for extended periods.
