Practical GitHub Repository Hardening for a Hugo Site
This hardening effort was directly triggered by the recent Trivy supply chain compromise, which impacted some repositories in my workplace and prompted a full review of my own repository controls. If you want the incident and response details, these two links are worth reading first: Incident analysis: Trivy Compromised a Second Time (StepSecurity) Official disclosure and remediation guidance: Aqua Security discussion #10425 This post is an updated, end-to-end view of the hardening work I applied to this repository. ...