Securing CI/CD with Chainguard

Learning lab for April 2026 on recent software supply chain incidents in GitHub Actions and how to leverage Chainguard products and tools to mitigate risks

1 min read

Learning Labs Chainguard Actions

The April 2026 Learning Lab with Erika Heidi goes through how attackers exploit vulnerable GitHub Actions workflows, and how Chainguard can protect your CI/CD pipelines from these threats.

Sections

0:00 Introduction and agenda
5:31 Timeline of CI/CD software supply chain incidents
11:25 Open Source and CI/CD as the new target
12:47 2026: the year of AI-assisted attacks
15:16 Unpacking the Trivy Compromise
19:57 Secret exfiltration live demo
36:17 What could unfold from here
39:04 Strategies to mitigate risks
39:24 Repository inspection for insecure defaults
44:03 Minimize attack surface
48:48 Pull from trusted sources
52:21 Pin by digest
54:28 Use short lived tokens (ban PATs)
55:32 Use Chainguard Actions
58:55 Closing notes

Resources

Slide deck
Chainguard Containers
Chainguard Libraries
Chainguard Actions
Digestabot
Octo-STS

Last updated: 2026-04-30 12:00

Securing CI/CD with Chainguard

Sections

Resources

Was this helpful?

Related Articles

Software supply chain attacks and Chainguard Libraries

Shipping Safer Container Runtimes in 2026

Chainguard OS on Raspberry Pi

Chainguard Libraries for JavaScript and CVE remediation for Python libraries

Static Chainguard Container Images