<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Workflow注入 :: 标签 :: x7peeps</title><link>https://x7peeps.com/tags/Workflow%E6%B3%A8%E5%85%A5/index.html</link><description/><generator>Hugo</generator><language>zh-CN</language><lastBuildDate>Mon, 13 Jul 2026 15:00:00 +0800</lastBuildDate><atom:link href="https://x7peeps.com/tags/Workflow%E6%B3%A8%E5%85%A5/index.xml" rel="self" type="application/rss+xml"/><item><title>GitOps与CI/CD管道安全取证深度分析</title><link>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/GitOps%E4%B8%8ECI-CD%E7%AE%A1%E9%81%93%E5%AE%89%E5%85%A8%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/index.html</link><pubDate>Mon, 13 Jul 2026 15:00:00 +0800</pubDate><guid>https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/GitOps%E4%B8%8ECI-CD%E7%AE%A1%E9%81%93%E5%AE%89%E5%85%A8%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90/index.html</guid><description>系统剖析GitOps与CI/CD管道安全取证全链路方法论，涵盖GitHub Actions/GitLab CI Workflow注入攻击检测、构建环境篡改与依赖投毒取证、Sigstore/Cosign制品签名与SBOM完整性验证、Git签名伪造与Webhook劫持分析、CI/CD凭证泄露与OIDC滥用检测、ArgoCD/FluxCD GitOps部署管道攻击取证，结合Codecov/Event-Stream等真实供应链攻击案例提供Sigma规则与自动化检测脚本</description></item></channel></rss>