CI/CD Security Reference
Search CI/CD security practices — OIDC authentication, GitHub Actions permissions, secret scanning, third-party action pinning, and dependency confusion.
No data is transmitted — everything runs locally.
About this tool
CI/CD Security Reference
The CI/CD Security Reference covers OIDC authentication, GitHub Actions permissions scoping, secret scanning, third-party action pinning, and dependency confusion mitigations.
• Look up the OIDC configuration for credential-free GitHub Actions authentication to AWS
• Reference minimal permissions syntax for a GitHub Actions job
• Find third-party action pinning guidance before adding a marketplace action
• Reference dependency confusion mitigations for a supply chain security audit
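The dependency confusion checks in the last item above, worked through as an added example that is not part of the reference tool or its code. It audits a requirements.txt body and an .npmrc body with plain regular expressions so it runs offline; the internal package names (acme-auth, acme-billing, the @acme scope), registry URLs and hash values are constructed placeholders.

```python
"""Dependency-confusion exposure check for pip and npm configuration.

Added example, not part of the CI/CD Security Reference tool. Package names,
registry URLs and hashes below are constructed placeholders.

Dependency confusion: an internal package name gets installed from the public
registry because the build never restricted that name to the private registry
(or because pip merged both indexes and the attacker's public copy had the
higher version). The checks cover the three mitigations an audit looks for:
a single --index-url to a private proxy (no --extra-index-url), exact version
pins with --hash for internal packages, and npm scopes mapped to the private
registry in .npmrc.
"""
import re

# Assumed inventory of internal names; in practice this comes from the private registry.
INTERNAL_PIP_PACKAGES = {"acme-auth", "acme-billing"}
INTERNAL_NPM_SCOPES = {"@acme"}


def _normalize(name):
    # PEP 503 name normalisation: case-insensitive, runs of - _ . collapse to -
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_pip_requirements(text, internal=INTERNAL_PIP_PACKAGES):
    """Return a list of findings for a requirements.txt body (empty = clean)."""
    findings = []
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    options = [l for l in lines if l.startswith("-")]
    requirements = [l for l in lines if not l.startswith("-")]
    uses_extra_index = any(o.startswith("--extra-index-url") for o in options)
    uses_index = any(o.startswith("--index-url") for o in options)

    listed_internal = []
    for req in requirements:
        # the project name ends at whitespace, extras, an operator or a marker
        name = _normalize(re.split(r"[\s\[<>=!~;]", req, maxsplit=1)[0])
        if name not in internal:
            continue
        listed_internal.append(name)
        if "==" not in req:
            findings.append(f"{name}: not pinned with ==, so the highest version found wins")
        if "--hash=" not in req:
            findings.append(f"{name}: no --hash=, so a substituted artifact would be accepted")

    if listed_internal and uses_extra_index:
        findings.append("--extra-index-url with internal packages: pip merges all indexes and "
                        "installs the highest version from any of them; use a single --index-url "
                        "pointing at a private proxy that mirrors PyPI")
    elif listed_internal and not uses_index:
        findings.append("internal packages with no --index-url: they resolve from public PyPI")
    return findings


def audit_npmrc(text, scopes=INTERNAL_NPM_SCOPES):
    """Return findings for an .npmrc body: every internal scope must map to a private registry."""
    findings = []
    mapped = {}
    for line in text.splitlines():
        m = re.match(r"\s*(@[\w.-]+):registry\s*=\s*(\S+)", line)
        if m:
            mapped[m.group(1)] = m.group(2)
    for scope in sorted(scopes):
        url = mapped.get(scope)
        if url is None:
            findings.append(f"{scope}: no scope-to-registry mapping, so it resolves from the "
                            "default (public) registry")
        elif "registry.npmjs.org" in url:
            findings.append(f"{scope}: mapped to the public registry")
    return findings


# Constructed samples: the weak configuration beside the corrected one.
WEAK_REQUIREMENTS = """\
--index-url https://pypi.org/simple
--extra-index-url https://pkgs.acme.example/simple
requests==2.31.0
acme-auth>=1.0
acme_billing==3.2.0
"""

HARDENED_REQUIREMENTS = """\
--index-url https://pkgs.acme.example/simple
requests==2.31.0 --hash=sha256:placeholder0
acme-auth==1.4.2 --hash=sha256:placeholder1
acme-billing==3.2.0 --hash=sha256:placeholder2
"""

WEAK_NPMRC = "registry=https://registry.npmjs.org/\n"
HARDENED_NPMRC = "@acme:registry=https://npm.acme.example/\n"

if __name__ == "__main__":
    for label, findings in [("weak pip", audit_pip_requirements(WEAK_REQUIREMENTS)),
                            ("hardened pip", audit_pip_requirements(HARDENED_REQUIREMENTS)),
                            ("weak npmrc", audit_npmrc(WEAK_NPMRC)),
                            ("hardened npmrc", audit_npmrc(HARDENED_NPMRC))]:
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The hardened requirements file points --index-url at a private proxy that mirrors PyPI, so every name is resolved by one index that answers for internal packages itself; the hash pins mean that even a registry compromise cannot swap the artifact. For npm the equivalent control is the scope-to-registry mapping: a package under an unmapped scope resolves from whatever registry= defaults to.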
FAQ
What does this tool tell you?
The CI/CD Security Reference covers OIDC authentication, GitHub Actions permissions scoping, secret scanning, third-party action pinning, and dependency confusion mitigations.
What affects the result most?
Secret scanning: GitHub secret scanning (part of GitHub Advanced Security) inspects pushed content for known credential formats; with push protection enabled, a push that contains a recognised token is rejected before it reaches the repository (the commit still exists locally and must be rewritten). OIDC authentication: a job granted id-token: write can request a short-lived OIDC token from GitHub and exchange it for AWS, GCP, or Azure credentials, so no long-lived cloud keys need to be stored as repository secrets. permissions: set the permissions block at the workflow or job level and list only the scopes the job needs, for example contents: read, packages: write, id-token: write; once any scope is listed, every scope not listed is set to none, and with no block at all GITHUB_TOKEN gets the repository default.
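The permissions, OIDC and action-pinning points above, turned into a check you can run over a workflow file. This is an added example, not the reference tool's own code: it works on the workflow text with regular expressions (no YAML library) so it runs offline, and the workflows, the some-org/deploy-action name, the commit SHAs and the IAM role ARN are constructed placeholders.

```python
"""Audit a GitHub Actions workflow for explicit permissions, OIDC and SHA pins.

Added example, not the reference tool's own code. The workflows, action names,
commit SHAs and role ARN below are constructed placeholders.

Checks: every uses: reference is pinned to a full 40-hex commit SHA (a tag or
branch can be moved to different code); an explicit permissions block exists
and is not write-all (with no block, GITHUB_TOKEN gets the repository default,
which can be read-write; once a block is present, unlisted scopes become none);
no long-lived AWS keys are read from secrets when OIDC (id-token: write plus
role-to-assume) would do; and role-to-assume is not used without id-token:
write, which makes the OIDC token request fail.
"""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
PERMISSIONS = re.compile(r"^\s*permissions:\s*(\S*)")
ID_TOKEN_WRITE = re.compile(r"^\s*id-token:\s*write\b", re.M)
LONG_LIVED_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def audit_workflow(text):
    """Return a list of findings for a workflow file body (empty = clean)."""
    findings = []
    lines = text.splitlines()

    for line in lines:
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local action or image reference; SHA pinning does not apply
        action, _, version = ref.partition("@")
        if not SHA40.match(version):
            findings.append(f"{action}: ref '{version or '(none)'}' is not a full commit SHA")

    perm_values = [m.group(1) for m in map(PERMISSIONS.match, lines) if m]
    if not perm_values:
        findings.append("no permissions block: GITHUB_TOKEN gets the repository default scope")
    if "write-all" in perm_values:
        findings.append("permissions: write-all grants every scope; list only what the job needs")

    if any(key in text for key in LONG_LIVED_KEYS):
        findings.append("long-lived AWS keys read from secrets; use OIDC (id-token: write + role-to-assume)")
    if "role-to-assume" in text and not ID_TOKEN_WRITE.search(text):
        findings.append("role-to-assume without id-token: write; the OIDC token request will fail")
    return findings


# Constructed workflow: long-lived keys, floating refs, no permissions block...
WEAK_WORKFLOW = """\
name: deploy
on: [push]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/deploy-action@main
      - run: ./deploy.sh
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""

# ...beside the corrected one: OIDC role assumption, least-privilege token, SHA pins.
# The SHAs are placeholders; pin to the commit behind the release tag you reviewed.
HARDENED_WORKFLOW = """\
name: deploy
on: [push]
permissions:
  contents: read
  id-token: write
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: aws-actions/configure-aws-credentials@89abcdef0123456789abcdef0123456789abcdef # placeholder SHA
        with:
          role-to-assume: arn:aws:iam::123456789012:role/github-deploy
          aws-region: us-east-1
      - run: ./deploy.sh
"""

if __name__ == "__main__":
    for label, wf in [("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)]:
        findings = audit_workflow(wf)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The hardened workflow is the shape the reference describes: id-token: write lets the job request the OIDC token, the configure-aws-credentials step exchanges it for short-lived role credentials, contents: read is the only other scope granted, and each action is pinned to a commit rather than a movable tag. On the AWS side the role's trust policy must still restrict the token's sub claim to the intended repository and branch or environment; that part is not visible in the workflow file and the script does not check it.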
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.