1. GitHub CI Pipeline Exposed: No Secrets Scanning, SAST, or Dependency Checks in Monorepo
A critical security gap in the CI/CD pipeline has left a multi-language monorepo exposed, allowing secrets, vulnerable code, and risky dependencies to merge undetected. The absence of automated security controls was confirmed during an internal audit, which discovered a live Anthropic API key present on disk i...