AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Learn how insecure CI/CD pipeline defaults can create undetected supply chain vulnerabilities through a real-world security incident analysis. Explore the forensic investigation of a 2-year-old exposed token that enabled potential manipulation of public images and forced code signing credential revocation at an open-source company. Examine the detailed breakdown of what went wrong, including lack of artifact scanning, weak secret hygiene, and implicit trust in CI defaults. Discover practical security improvements including automated scanners, secret permissions management, and comprehensive security review processes. Gain insights into identifying and mitigating highly exploitable attack vectors that can remain hidden for years, helping prevent supply chain attacks before they occur.
