# Securing CI/CD with Chainguard

URL: https://edu.chainguard.dev/software-security/learning-labs/ll202604.md
Last Modified: April 30, 2026
Tags: Learning Labs, Chainguard Actions

Learning lab for April 2026 on recent software supply chain incidents in GitHub Actions and how to leverage Chainguard products and tools to mitigate risks.

The April 2026 Learning Lab with Erika Heidi goes through how attackers exploit vulnerable GitHub Actions workflows, and how Chainguard can protect your CI/CD pipelines from these threats.

## Sections

- 0:00 Introduction and agenda
- 5:31 Timeline of CI/CD software supply chain incidents
- 11:25 Open Source and CI/CD as the new target
- 12:47 2026: the year of AI-assisted attacks
- 15:16 Unpacking the Trivy Compromise
- 19:57 Secret exfiltration live demo
- 36:17 What could unfold from here
- 39:04 Strategies to mitigate risks
- 39:24 Repository inspection for insecure defaults
- 44:03 Minimize attack surface
- 48:48 Pull from trusted sources
- 52:21 Pin by digest
- 54:28 Use short lived tokens (ban PATs)
- 55:32 Use Chainguard Actions
- 58:55 Closing notes

## Resources

- Slide deck
- Chainguard Containers
- Chainguard Libraries
- Chainguard Actions
- Digestabot
- Octo-STS
