Technical risk

Software supply chain

Supply chain controls reduce exposure from dependencies, secrets, CI/CD permissions, and build provenance.

Focus 1: Secrets

Keep secrets out of repositories, prompts, CI logs, and generated artifacts.

Focus 2: Dependencies

Use lockfiles, update policies, provenance checks, and security advisory monitoring.

Focus 3: CI/CD permissions

Use least-privilege tokens and separate deploy rights from test rights.
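As an added illustration of this control (not part of the original page), the workflow below assumes GitHub Actions as the CI system: the default token is read-only, the test job carries no deploy credentials, and only the deploy job, gated by an assumed protected environment named production, receives write-capable scopes. The deploy script path and secret name are hypothetical.

```yaml
# Added example, not from the original page. Assumes GitHub Actions.
name: build-test-deploy

on:
  push:
    branches: [main]
  pull_request:

# Weak setting (left commented out for contrast): every job gets a
# token that can write to the repository and its packages.
# permissions: write-all

# Corrected setting: least privilege by default; individual jobs
# opt in to the specific scopes they need.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    # Inherits only the read-only token: no deploy rights, and no
    # deploy secret is referenced anywhere in this job.
    steps:
      - uses: actions/checkout@v4
      - run: npm ci      # install strictly from the lockfile
      - run: npm test

  deploy:
    needs: test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # Deploy rights exist only here, behind a protected environment
    # (required reviewers are configured in repository settings;
    # 'production' is an assumed environment name).
    environment: production
    permissions:
      contents: read
      id-token: write   # short-lived OIDC token, not a long-lived deploy key
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/deploy.sh   # hypothetical deploy script
        env:
          # Environment-scoped secret (assumed name); the test job
          # cannot read it because it does not target this environment.
          DEPLOY_TARGET: ${{ secrets.DEPLOY_TARGET }}
```

Splitting test and deploy into separate jobs with their own permissions blocks is what keeps a compromised test step from obtaining deploy rights, which a single job with a shared token cannot guarantee.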

Focus 4: SBOM

Generate and retain a software bill of materials for deployable releases.