The Codecov supply-chain attack has alerted everyone to the risk of storing secrets in CI/CD environment variables, no matter how safe the environment might seem. Attacks on automation tools like Jenkins, GitHub Actions and cloud-native containerized environments have further prompted companies to explore and deploy effective defenses for these tools. Below are some best practices to ensure your CI/CD pipelines remain secure. The attack's broad impact is largely down to the fact that the data the attackers exfiltrated contained hardcoded secrets, including passwords, tokens, and keys.
Source: https://www.csoonline.com/article/3624577/securing-cicd-pipelines-6-best-practices.html

