Our blog

Blog posts to help you on your journey

6 Practical Steps to Harden Your GitHub Project's Supply Chain blog post

Mar 13, 2026

6 Practical Steps to Harden Your GitHub Project's Supply Chain

A step-by-step guide to adding SLSA provenance, OpenSSF Scorecard, SHA-pinned actions, least-privilege tokens, and more to your open-source project.

CI/CD Compliance Framework for Secure Pipelines blog post

Mar 11, 2026

CI/CD Compliance Framework for Secure Pipelines

Plumber 1.1 Release - What's New blog post

Mar 9, 2026

Plumber 1.1 Release - What's New

Hardening Plumber's Supply Chain: SLSA 3, OpenSSF Scorecard, and Best Practices blog post

Mar 6, 2026

Hardening Plumber's Supply Chain: SLSA 3, OpenSSF Scorecard, and Best Practices

hackerbot-claw: CI/CD Pipelines Are the New Attack Surface blog post

Mar 3, 2026

hackerbot-claw: CI/CD Pipelines Are the New Attack Surface

Point Base « Customer Story » blog post

Feb 24, 2026

Point Base « Customer Story »

Your GitLab Pipelines Are Probably Non-Compliant. Here's How to Fix That in 5 Minutes. blog post

Feb 10, 2026

Your GitLab Pipelines Are Probably Non-Compliant. Here's How to Fix That in 5 Minutes.

Plumber 1.0 Release - What's New blog post

Feb 4, 2026

Plumber 1.0 Release - What's New

Shai-Hulud 2.0: When npm install Becomes a CI/CD Attack blog post

Nov 25, 2025

Shai-Hulud 2.0: When npm install Becomes a CI/CD Attack

Could a Supply Chain Attack Like tj-actions/change-files Hit GitLab CI/CD Pipelines? blog post

Mar 19, 2025

Could a Supply Chain Attack Like tj-actions/change-files Hit GitLab CI/CD Pipelines?

Plumber lauréat France 2030 – « Soutien aux PME et startups en cybersécurité » blog post

Mar 11, 2025

Plumber lauréat France 2030 – « Soutien aux PME et startups en cybersécurité »

Top 5 Software Supply Chain Security Incidents blog post

Aug 19, 2024

Top 5 Software Supply Chain Security Incidents

View blog archive