1. Mutable 'Latest' Docker Tag in CI/CD Pipeline Raises Supply Chain Attack Risk for IoT-Wall API
A security review has identified a critical configuration weakness in the CI/CD pipeline responsible for building and publishing the IoT-Wall API container images. The pipeline at `.github/workflows/api-build.yml` (lines 88–89) simultaneously pushes Docker images with two tagging strategies: an immutable SHA-based tag ...
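The weakness is easy to miss in review because the mutable tag sits one line below a perfectly good immutable one. The following is an added example, not code from the IoT-Wall project or its `api-build.yml`: a small checker that pulls every image reference out of a workflow's `tags:` blocks and reports the ones that can be silently re-pointed after publishing. The workflow text, the registry path `ghcr.io/example/iot-wall-api`, and the step layout are constructed assumptions that mirror the pattern described above; the "hardened" variant simply drops the `latest` line.

```python
"""Flag Docker images that a GitHub Actions workflow pushes under mutable tags.

Added example, not the IoT-Wall project's own code. Both workflow texts below
are constructed to mirror the pattern under review, not the real api-build.yml.
"""
import re

# Constructed sample: the same image is pushed under an immutable SHA-based tag
# AND the mutable 'latest' tag, so consumers of ':latest' get whatever was
# pushed most recently, including by anyone who gains push access.
SAMPLE_WORKFLOW = """\
name: api-build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: docker/build-push-action@v5
        with:
          push: true
          tags: |
            ghcr.io/example/iot-wall-api:sha-${{ github.sha }}
            ghcr.io/example/iot-wall-api:latest
"""

# Constructed hardened variant: only the content-addressed tag is published.
HARDENED_WORKFLOW = SAMPLE_WORKFLOW.replace(
    "            ghcr.io/example/iot-wall-api:latest\n", "")

# A tag is treated as immutable only if it is a git SHA (optionally 'sha-'
# prefixed) or the reference carries a sha256 digest. Semver tags such as
# 'v1.2.3' are deliberately NOT accepted: registries let them be re-pushed.
IMMUTABLE_TAG = re.compile(r"^(sha-)?[0-9a-f]{7,40}$")
DIGEST_REF = re.compile(r"@sha256:[0-9a-f]{64}$")
# Template expression GitHub expands to the commit SHA before the build runs.
SHA_TEMPLATE = re.compile(r"\$\{\{\s*github\.sha\s*\}\}")


def extract_tags(workflow_text):
    """Return every image reference listed under a `tags:` key.

    Handles the block form (`tags: |` followed by indented lines) and the
    inline comma-separated form (`tags: a,b`) used by docker/build-push-action.
    """
    lines = workflow_text.splitlines()
    found, i = [], 0
    while i < len(lines):
        m = re.match(r"^(\s*)tags:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        indent, value = len(m.group(1)), m.group(2).strip()
        if value in ("|", "|-", ">", ">-"):
            # Block scalar: consume lines indented deeper than the key.
            i += 1
            while i < len(lines) and (
                lines[i].strip() == ""
                or len(lines[i]) - len(lines[i].lstrip()) > indent
            ):
                if lines[i].strip():
                    found.append(lines[i].strip())
                i += 1
            continue
        found.extend(t.strip() for t in value.split(",") if t.strip())
        i += 1
    return found


def is_immutable(ref):
    """True if the reference cannot be re-pointed at a different image later."""
    if DIGEST_REF.search(ref) or SHA_TEMPLATE.search(ref):
        return True
    last = ref.rsplit("/", 1)[-1]          # ignore a registry host:port prefix
    tag = ref.rsplit(":", 1)[1] if ":" in last else ""  # '' = implicit latest
    return bool(IMMUTABLE_TAG.match(tag))


def mutable_tags(workflow_text):
    """Image references the workflow publishes under tags that can drift."""
    return [t for t in extract_tags(workflow_text) if not is_immutable(t)]


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, "mutable tags:", mutable_tags(text))
```

Running the checker over the sample reports only the `:latest` reference; the hardened variant reports nothing. The same `is_immutable` predicate can be reused on the consuming side to confirm that deployment manifests reference the API image by SHA tag or `@sha256:` digest rather than by a floating tag.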