A digital lock icon overlaid on a GitHub repository workflow diagram symbolising supply chain security

Practical GitHub Repository Hardening for a Hugo Site

This hardening effort was directly triggered by the recent Trivy supply chain compromise, which impacted some repositories in my workplace. That prompted a full review of my own repository controls. If you want more information about the incident and the response, the following two links are worth reading first:

- Incident analysis: Trivy Compromised a Second Time (StepSecurity)
- Official disclosure and remediation guidance: Aqua Security discussion #10425

The aim of the changes to my repository was not to chase perfect security. It was to put in place some practical controls that are easy to maintain and that reduce real risk in day-to-day development. ...

April 1, 2026 · 8 min · 1513 words · eakangk