Introducing Tenki's code reviewer: deep, context-aware reviews that actually find bugs.Try it for Free
Back to Blog

Security

Supply chain security, SLSA, OIDC, secrets management, policy as code, and hardening.

Illustration of a compromised security scanner, showing how a trusted code scanning tool can be exploited to introduce vulnerabilities, bypass detection, and impact software supply chain security.
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedApr 2026

When Your Security Scanner Gets Compromised

Security
10 min read
Illustration of GitHub Actions workflow lockfiles, showing how dependency locking improves CI/CD security, ensures reproducible builds, and prevents unauthorized changes.
Eddie Wang
Eddie WangApr 2026

GitHub Actions Workflow Lockfiles Are Coming

Security
8 min read
Overview of GitHub Actions artifact attestations, SLSA provenance, and supply chain security defaults
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedFeb 2026

GitHub Actions Artifact Attestations: SLSA Provenance and Supply Chain Defaults

Security
11 min read
Guide on securing GitHub Actions by locking down GITHUB_TOKEN permissions
Hayssem Vazquez-Elsayed
Hayssem Vazquez-ElsayedFeb 2026

GitHub Actions Permissions: Lock Down GITHUB_TOKEN

Security
9 min read
Diagram showing GitHub Actions using OIDC with custom properties to enable attribute-based access control (ABAC) for secure cloud resource access.
Eddie Wang
Eddie WangJan 2026

GitHub Actions OIDC Custom Properties: ABAC Cloud Access

Security
8 min read

GET TENKI

Smarter reviews. Faster builds. Start for Free in less than 2 min.

Book demo for Tenki CloudBook a demo with Marina