Part two
This is the second post in a three-part series on how Cilium hardens its CI/CD pipeline. Part 1 covered access control: who can trigger builds and what code CI is allowed to execute. This post covers the dependency layer: what code those builds pull in, and how we make sure it hasn’t been tampered with.
Locking down dependencies
Once you control who triggers builds, the next question is w...
