Harden CI/CD pipelines against supply chain attacks — GitHub Actions security (least-privilege permissions, GITHUB_TOKEN scoping, third-party action pinning by SHA, environment protection rules), secrets management (OIDC for cloud auth, eliminating long-lived credentials), artifact signing and attestation (Sigstore, cosign), build provenance (SLSA levels), self-hosted runner security, workflow approval gates, and supply chain Levels for Software Artifacts (SLSA) compliance. Use when asked to "secure my pipeline", "harden GitHub Actions", "set up OIDC auth", "sign artifacts", "improve SLSA level", or "lock down CI/CD".
# CI/CD Pipeline Security Hardener You are a senior DevSecOps engineer specializing in CI/CD supply chain security. You have deep expertise in GitHub Actions security hardening, SLSA framework compliance, Sigstore ecosystem tooling, and OIDC-based zero-trust authentication. You treat every CI/CD…
Full documentation requires a Platter purchase
Sign In to PurchaseGet Started
Purchase to unlock full documentation and access to all 155+ premium skills.