In my previous post on what we need to learn from Solorigate, I pointed out the fundamental need for secure development pipelines. I am happy to see that the UK National Cyber Security Centre (NCSC) has now published some guidance on how to approach this. Check out their post below.
Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem.
Source: Defending software build pipelines from malicious attack