iam

2 posts

Article

CISA admin pushed GovCloud keys to GitHub

A CISA administrator committed AWS GovCloud credentials to GitHub. The failure is the issuance model, not the commit.

May 27, 2026

Article

ShinyHunters, Trivy, and the Pipeline Identity Problem

ShinyHunters cloned 300 Cisco repositories through Trivy running in a CI/CD pipeline. This is what failed structurally, why it failed, and what pipeline identity enforcement must look like.

Apr 2, 2026