Eresus Security

DevSecOps and Supply Chain Hub

A hub for secret scanning, CI/CD token security, Git policy, Kubernetes image signing, SBOM, npm supply chain, and secure delivery.

Risk & Regulation Signals

Long-lived CI/CD credentials that become production access paths.

Secret leaks treated as code cleanup instead of incident response.

Unsigned or unverified artifacts moving from registry to production.

Built For

DevOps and platform teams responsible for secure delivery pipelines.

Security teams reducing secret, dependency, and CI/CD blast radius.

Engineering leaders turning security controls into developer-friendly workflows.

Use Cases

Build secret detection, rotation, revocation, and incident response workflows.

Review CI/CD tokens, Git policies, branch protection, and deployment identities.

Add supply-chain controls for packages, containers, signatures, and provenance.

Related Content

Related research will appear here as the hub expands.

Related Advisories

Related advisories will appear here as disclosures are published.

Frequently Asked Questions

Is secret scanning enough for DevSecOps?

No. Detection is only the first layer. A leaked credential stays valid until it is revoked or rotated, so deleting it from the code is not remediation; rotation, revocation, history cleanup, blast-radius analysis, and prevention gates that block the next leak before it reaches history are also required.
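The "prevention gate" and "detection is only the first layer" points above, as an added worked example that is not Eresus Security's own tooling: a minimal pre-commit / CI scanner that inspects only the added lines of a unified diff, flags known credential formats and high-entropy assignments, blocks the change, and emits a redacted report a responder can act on. The two token regexes, the entropy threshold and the sample diff are assumptions made for this example; the AWS key in the sample is the placeholder AWS uses in its own documentation.

```python
import math
import re
from dataclasses import dataclass

# Known credential formats. These two rules are assumptions for illustration;
# production scanners ship hundreds of such patterns.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic rule: a quoted value assigned to a secret-looking name. The name
# list is deliberately short; "db_password" still matches on "password".
ASSIGNMENT = re.compile(
    r"(?i)(secret|password|passwd|token|api[_-]?key)\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; an assumption, tune per codebase


@dataclass
class Finding:
    rule: str
    line_no: int   # line number in the new version of the file
    value: str     # the matched secret; never write this to logs unredacted


def shannon_entropy(s):
    """Bits per character; random-looking tokens score high, placeholders low."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_added_lines(diff_text):
    """Scan only the '+' lines of a unified diff, i.e. content about to enter history."""
    findings = []
    line_no = 0
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first new-file line of this hunk
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith(("+++", "---")):
            continue               # file headers
        if raw.startswith("-"):
            continue               # removed lines do not advance new-file numbering
        line_no += 1               # context and added lines both do
        if not raw.startswith("+"):
            continue
        line = raw[1:]
        seen = set()
        for rule, pattern in TOKEN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(rule, line_no, m.group(0)))
                seen.add(m.group(0))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            # Skip values a named rule already caught and low-entropy placeholders
            if value in seen or shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue
            findings.append(Finding("high_entropy_assignment", line_no, value))
    return findings


def redact(value):
    """Keep enough of the value to identify which credential to revoke, no more."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def gate(diff_text):
    """Pre-commit / CI gate. Returns (allowed, report). Any finding blocks the
    change; the report is what the incident responder needs to start rotation."""
    findings = scan_added_lines(diff_text)
    report = [f"{f.rule} at new line {f.line_no}: {redact(f.value)}" for f in findings]
    return len(findings) == 0, report


# Constructed sample diff. The AWS key is the placeholder AWS uses in its own
# documentation; the other values are made up for this example.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+GH_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
+api_key = "q7Zx9LmPv2RtYw4KbN8cHs6D"
+db_password = "changeme-changeme"
 REGION = "eu-west-1"
"""

if __name__ == "__main__":
    allowed, report = gate(SAMPLE_DIFF)
    print("commit allowed:", allowed)
    for line in report:
        print(" ", line)
```

Run against the sample, the gate blocks the commit with three findings (the AWS key on line 2, the GitHub token on line 3, the random-looking api_key on line 4) and lets the low-entropy "changeme-changeme" placeholder through. Note what the gate does not do: it never prints the full secret, and a block here only prevents the leak from entering history; a secret that is already committed still has to be revoked and rotated, which no scanner can do for you.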

What should be checked first in CI/CD security?

Start with token scope, branch protection, environment approvals, deployment identity, dependency trust, and artifact provenance.

Need help validating this attack surface?

Talk with Eresus Security about scoped testing, threat modeling, and remediation priorities for this workflow.

Talk to Eresus