
Novya369/ci-cd-secrets-access-hardening

CI/CD Secrets & Access Hardening for DevSecOps Pipelines

Overview

This project demonstrates how insecure CI/CD pipelines expose secrets, grant over-privileged access, and violate least-privilege principles, and how to harden pipelines using secure secrets handling, scoped access, and security validation.

The focus is pipeline security design, not application complexity.

Objective

Demonstrate:

- Common CI/CD security anti-patterns

- Secrets exposure risks

- Over-privileged pipeline access

- Hardened pipelines using least-privilege and validation controls

Scope

- Show bad vs good pipeline design

- Demonstrate secrets exposure risks

- Enforce least privilege

- Add security validation gates

Repository Structure

- insecure-pipeline/ : intentionally vulnerable pipeline

- secure-pipeline/ : hardened pipeline

- policies/ : security validation rules

- docs/ : threat model and security decisions
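
A validation gate of the kind the policies/ directory is described as holding, shown as an added example (not code from this repository). It assumes GitHub Actions workflow syntax, which the README does not name; the rule ids and sample workflows are hypothetical and constructed for illustration.

```python
import re

# Constructed workflow excerpts in GitHub Actions syntax (an assumption; the
# README does not name the CI system). Values are placeholders, not real secrets.
INSECURE = """\
on: push
permissions: write-all
jobs:
  deploy:
    env:
      API_TOKEN: "constructed-example-value"
    steps:
      - run: echo "token is ${{ secrets.DEPLOY_KEY }}"
"""

SECURE = """\
on: push
permissions:
  contents: read
jobs:
  deploy:
    env:
      API_TOKEN: ${{ secrets.API_TOKEN }}
    steps:
      - run: ./deploy.sh
"""

# A YAML key whose name suggests a credential, followed by its value.
SECRET_KEY = re.compile(
    r"^\s*([A-Za-z0-9_]*(?:TOKEN|SECRET|PASSWORD|KEY)[A-Za-z0-9_]*)\s*:\s*(.+)$", re.I)

def audit(workflow: str) -> list[str]:
    """Return the hypothetical rule ids violated by the pipeline text."""
    findings = []
    lines = workflow.splitlines()
    # Least privilege: this gate requires a top-level permissions block
    # and rejects the blanket write-all grant.
    top = [l for l in lines if l.startswith("permissions:")]
    if not top:
        findings.append("missing-permissions")
    elif any("write-all" in l for l in top):
        findings.append("write-all-permissions")
    for line in lines:
        m = SECRET_KEY.match(line)
        # Credential-named key set to a literal instead of a secrets-store reference.
        if m and "${{ secrets." not in m.group(2):
            findings.append("hardcoded-secret:" + m.group(1))
        # Secret interpolated into a command that writes it to the job log.
        if re.search(r"\b(echo|printf)\b.*\$\{\{\s*secrets\.", line):
            findings.append("secret-echoed")
    return findings
```

Run as a pipeline step, a non-empty result from `audit` would fail the build before any deploy job starts.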

About

Demonstrates insecure vs hardened CI/CD pipelines with secrets handling, least-privilege access, and security validation for DevSecOps.
