GitHub Actions 2026: OIDC Claims, Runner Strategy, and Workflow Governance
How recent GitHub Actions updates change secure CI design, from OIDC custom properties to rerun limits and runner fleet planning.
Priya Sharma
Security and identity systems. Passkeys, privacy, and browser platform changes.
180 articles
GitHub OIDC for Dependabot and Code Scanning: Ending Long-Lived Registry Secrets in CI
A practical migration guide to OIDC-based authentication for private registries used by Dependabot and code scanning, with policy and incident-response patterns.
GitHub OIDC for Dependabot and Code Scanning: Building a Zero-Secret Security Pipeline
How to redesign CI security architecture now that Dependabot and code scanning can use OIDC with private registries at org scale.
From Secret Alerts to Action: Enterprise Remediation with Deployment Context
Using GitHub secret scanning improvements and deployment context metadata to prioritize, route, and close security incidents faster.
Agent Identity over CAPTCHA: Designing Zero-Trust Access in the MCP Era
A security architecture for moving from human-verification assumptions to policy-based agent identity and scoped authorization.
Cloudflare Mesh + Workers VPC: Private Connectivity Patterns for Agentic Systems
A practical architecture for giving autonomous agents scoped private access without exposing internal services to the public internet.
Cloudflare Mesh + Workers VPC: A Practical Private Access Playbook for Production AI Agents
How to design private tool access for AI agents on Cloudflare with scoped identity, policy boundaries, and measurable blast-radius control.
GitHub Copilot Autopilot Is Here: How to Govern Fully Autonomous Coding Sessions
A practical operating model for introducing Copilot Autopilot safely with policy tiers, audit trails, and measurable guardrails.
Passkey-Only Login at Scale: Enterprise Migration Patterns from Consumer Identity Shifts
A practical migration playbook for enterprises moving from passwords and SMS OTP toward passkey-first, phishing-resistant identity.
GitHub Copilot Data Residency and FedRAMP: Building a Practical AI Governance Control Plane
A field guide to turning new Copilot residency and compliance switches into enforceable engineering workflows.
Gemini at Home Raises the Stakes: Designing Privacy-Preserving Edge AI for Consumer Environments
How product and platform teams should design household AI systems with strict data boundaries, observability, and graceful failure behavior.
From Announcement to Delivery: Building a 2029 Post-Quantum Migration Program for Real Enterprises
A practical operating model for security, platform, and product teams translating post-quantum urgency into measurable migration work.
Cloudflare Organizations (Public Beta): Enterprise IAM and Account-Scale Governance Playbook
A practical operating model for introducing Cloudflare Organizations across multi-account enterprise estates.
Cloudflare Organizations Beta: Building an IAM Operating Model Across Accounts, Teams, and Automation
A practical operating model for adopting Cloudflare Organizations beta with federated identity, least privilege, and migration guardrails.
Cloudflare’s 2029 Post-Quantum Target: Designing a Real Migration Program Before Deadlines Collapse
How to convert post-quantum ambition into an executable migration program across TLS, internal PKI, and vendor dependencies.
Dependabot Alerts + AI Coding Agents: Designing a Governed Remediation Pipeline for Real Repos
How to operationalize GitHub’s new AI-agent assignment for Dependabot alerts with review gates, reproducibility, and measurable risk reduction.
Dependabot + AI Remediation + Nix: Building a Verifiable Vulnerability Response Pipeline
A practical enterprise architecture for combining Dependabot alerts, AI-assisted remediation, and Nix ecosystem support with auditable controls.
Cloudflare Organizations Beta: A Practical Governance Model for Multi-Account Enterprises
How Cloudflare Organizations changes identity, policy, and operations for enterprises managing many Cloudflare accounts.
Cloudflare's 2029 Post-Quantum Target: A Practical Migration Playbook for Engineering Teams
How to turn post-quantum urgency into an executable roadmap across TLS, service identity, and operational risk controls.
Signed Commits for Copilot Cloud Agent: What It Unlocks for Branch Protection
GitHub Copilot cloud agent commit signing enables stronger branch protection and clearer provenance for agent-generated changes.