Introducing Tenki's code reviewer: deep, context-aware reviews that actually find bugs.Try it for Free
Back to Blog

Security

Supply chain security, SLSA, OIDC, secrets management, policy as code, and hardening.

Security alert about the Axios npm supply chain attack and CI/CD lockdown actions
Eddie Wang
Eddie WangMay 2026

Axios npm Supply Chain Attack: What CI/CD Teams Must Lock Down

Security
9 min read
GitHub MCP scanning launch - why your AI code review layer still matters for security and quality
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedMay 2026

GitHub MCP Scanning Is Here. Your Review Layer Still Matters.

Security
6 min read
GitHub and Microsoft Defender integration - linking code repositories to cloud security risk visibility
Eddie Wang
Eddie WangMay 2026

GitHub Connects Code to Cloud Risk via Defender

Security
6 min read
Illustration of prompt injection attacks targeting AI-powered GitHub Actions
Eddie Wang
Eddie WangMay 2026

Prompt Injection in AI-Powered GitHub Actions

Security
10 min read
Prompt injection attack - how a single PR comment hijacked three AI coding agents in a code review
Eddie Wang
Eddie WangApr 2026

The PR Comment That Hijacked Three AI Agents

Security
10 min read
OWASP AI Agent Security Top 10 audit guide for CI/CD pipelines
Eddie Wang
Eddie WangApr 2026

OWASP AI Agent Security Top 10: CI/CD Audit Guide

Security
11 min read
CI/CD pipeline policy as code - transitioning from YAML security configurations to centralized governance frameworks
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedApr 2026

CI/CD Policy as Code: From YAML Security to Centralized Governance

Security
10 min read
Illustration of a compromised security scanner, showing how a trusted code scanning tool can be exploited to introduce vulnerabilities, bypass detection, and impact software supply chain security.
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedApr 2026

When Your Security Scanner Gets Compromised

Security
10 min read
Illustration of GitHub Actions workflow lockfiles, showing how dependency locking improves CI/CD security, ensures reproducible builds, and prevents unauthorized changes.
Eddie Wang
Eddie WangApr 2026

GitHub Actions Workflow Lockfiles Are Coming

Security
8 min read
Overview of GitHub Actions artifact attestations, SLSA provenance, and supply chain security defaults
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedFeb 2026

GitHub Actions Artifact Attestations: SLSA Provenance and Supply Chain Defaults

Security
11 min read
Guide on securing GitHub Actions by locking down GITHUB_TOKEN permissions
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedFeb 2026

GitHub Actions Permissions: Lock Down GITHUB_TOKEN

Security
9 min read
Diagram showing GitHub Actions using OIDC with custom properties to enable attribute-based access control (ABAC) for secure cloud resource access.
Eddie Wang
Eddie WangJan 2026

GitHub Actions OIDC Custom Properties: ABAC Cloud Access

Security
8 min read

GET TENKI

Smarter reviews. Faster builds. Start for Free in less than 2 min.

Talk to an Engineer