{"id":59,"date":"2026-01-16T15:39:32","date_gmt":"2026-01-16T14:39:32","guid":{"rendered":"https:\/\/secure-pipelines.com\/?page_id=59"},"modified":"2026-03-25T09:06:33","modified_gmt":"2026-03-25T08:06:33","slug":"resources","status":"publish","type":"page","link":"https:\/\/secure-pipelines.com\/fr\/resources\/","title":{"rendered":"Resources"},"content":{"rendered":"<p>This page brings together reference materials, tools and technical resources related to CI\/CD security and software supply chain protection.<\/p>\n<p>The resources listed here are selected for their relevance, technical depth and practical usefulness.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Standards and frameworks<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/slsa.dev\/\" target=\"_blank\" rel=\"noopener\">SLSA (Supply-chain Levels for Software Artifacts)<\/a><\/strong><br \/>Framework for improving build integrity and provenance in software supply chains.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/artifact-provenance-attestations-slsa-in-toto-2\/\">\u2192 Guide: Artifact provenance and attestations<\/a> | <a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-generating-verifying-slsa-provenance-container-images\/\">\u2192 Lab: SLSA provenance<\/a><\/li>\n<li><strong><a href=\"https:\/\/in-toto.io\/\" target=\"_blank\" rel=\"noopener\">in-toto<\/a><\/strong><br \/>Framework for securing the integrity of software supply chains through metadata and attestations.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/artifact-provenance-attestations-slsa-in-toto-2\/\">\u2192 Guide: From SLSA to 
in-toto<\/a><\/li>\n<li><strong><a href=\"https:\/\/csrc.nist.gov\/projects\/ssdf\" target=\"_blank\" rel=\"noopener\">SSDF (NIST Secure Software Development Framework)<\/a><\/strong><br \/>Guidelines for integrating security throughout the software development life cycle.<\/li>\n<li><strong><a href=\"https:\/\/owasp.org\/www-project-top-10-ci-cd-security-risks\/\" target=\"_blank\" rel=\"noopener\">OWASP Top 10 CI\/CD Risks<\/a><\/strong><br \/>Threat model focused on the security risks of CI\/CD pipelines.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/defensive-patterns-mitigations-ci-cd-pipeline-attacks\/\">\u2192 Guide: Defensive patterns and mitigations<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">CI\/CD security tools<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/sigstore.dev\/\" target=\"_blank\" rel=\"noopener\">Sigstore<\/a> (<a href=\"https:\/\/github.com\/sigstore\/cosign\" target=\"_blank\" rel=\"noopener\">Cosign<\/a>, <a href=\"https:\/\/github.com\/sigstore\/rekor\" target=\"_blank\" rel=\"noopener\">Rekor<\/a>, <a href=\"https:\/\/github.com\/sigstore\/fulcio\" target=\"_blank\" rel=\"noopener\">Fulcio<\/a>)<\/strong><br \/>Tooling for signing, verifying and recording software artifacts and attestations.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/signing-verifying-container-images-sigstore-cosign\/\">\u2192 Guide: Signing with Sigstore and Cosign<\/a> | <a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-signing-verifying-container-images-cosign-github-actions\/\">\u2192 Lab: Cosign in GitHub Actions<\/a><\/li>\n<li><strong><a href=\"https:\/\/aquasecurity.github.io\/trivy\/\" target=\"_blank\" rel=\"noopener\">Trivy<\/a><\/strong><br \/>Vulnerability, 
configuration and SBOM scanner for containers and pipelines.<\/li>\n<li><strong><a href=\"https:\/\/github.com\/anchore\/syft\" target=\"_blank\" rel=\"noopener\">Syft<\/a><\/strong><br \/>SBOM generation tool for containers and source artifacts.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-sbom-pipeline-generate-attest-verify-syft-cosign\/\">\u2192 Lab: SBOM pipeline with Syft and Cosign<\/a><\/li>\n<li><strong><a href=\"https:\/\/github.com\/anchore\/grype\" target=\"_blank\" rel=\"noopener\">Grype<\/a><\/strong><br \/>Vulnerability scanner based on SBOM analysis.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-sbom-pipeline-generate-attest-verify-syft-cosign\/\">\u2192 Lab: SBOM pipeline with Syft and Cosign<\/a><\/li>\n<li><strong><a href=\"https:\/\/www.checkov.io\/\" target=\"_blank\" rel=\"noopener\">Checkov<\/a><\/strong><br \/>Static analysis tool for infrastructure as code and pipeline configurations.<\/li>\n<li><strong><a href=\"https:\/\/github.com\/gitleaks\/gitleaks\" target=\"_blank\" rel=\"noopener\">Gitleaks<\/a><\/strong><br \/>Secret detection tool for git repositories, pre-commit hooks and CI\/CD pipelines.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-detecting-preventing-secret-leaks-ci-cd-pipelines\/\">\u2192 Lab: Detecting and preventing secret leaks<\/a><\/li>\n<li><strong><a href=\"https:\/\/github.com\/trufflesecurity\/trufflehog\" target=\"_blank\" rel=\"noopener\">TruffleHog<\/a><\/strong><br \/>Credential scanner with verified secret detection across git history, file systems and cloud services.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-detecting-preventing-secret-leaks-ci-cd-pipelines\/\">\u2192 Lab: Detecting and 
preventing secret leaks<\/a><\/li>\n<li><strong><a href=\"https:\/\/github.com\/rhysd\/actionlint\" target=\"_blank\" rel=\"noopener\">actionlint<\/a><\/strong><br \/>Static checker for GitHub Actions workflow files \u2014 detects configuration errors and expression injection risks.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-detecting-malicious-github-actions-static-analysis\/\">\u2192 Lab: Detecting malicious GitHub Actions<\/a><\/li>\n<li><strong><a href=\"https:\/\/github.com\/woodruffw\/zizmor\" target=\"_blank\" rel=\"noopener\">zizmor<\/a><\/strong><br \/>Security-focused static analysis for GitHub Actions workflows.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-detecting-malicious-github-actions-static-analysis\/\">\u2192 Lab: Detecting malicious GitHub Actions<\/a><\/li>\n<li><strong><a href=\"https:\/\/github.com\/google\/go-containerregistry\/tree\/main\/cmd\/crane\" target=\"_blank\" rel=\"noopener\">crane<\/a><\/strong><br \/>CLI tool for interacting with container registries \u2014 inspect, copy, modify and compare images.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-artifact-tampering-detection-swapping-container-images-registry-2\/\">\u2192 Lab: Artifact tampering and detection<\/a><\/li>\n<li><strong><a href=\"https:\/\/diffoscope.org\/\" target=\"_blank\" rel=\"noopener\">diffoscope<\/a><\/strong><br \/>In-depth comparison tool for files, directories and container images \u2014 essential for verifying build reproducibility.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-reproducible-container-builds-pinning-verifying-diffing\/\">\u2192 Lab: Reproducible container builds<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator 
has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Policy enforcement and controls<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.openpolicyagent.org\/\" target=\"_blank\" rel=\"noopener\">Open Policy Agent (OPA)<\/a><\/strong><br \/>General-purpose policy engine for enforcing security controls in pipelines.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/policy-as-code-ci-cd-opa-rego-security-gates-2\/\">\u2192 Guide: Policy as Code with OPA and Rego<\/a> | <a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-enforcing-kubernetes-policies-opa-conftest-ci-cd-2\/\">\u2192 Lab: OPA Conftest in CI\/CD<\/a><\/li>\n<li><strong><a href=\"https:\/\/kyverno.io\/\" target=\"_blank\" rel=\"noopener\">Kyverno<\/a><\/strong><br \/>Policy engine designed for Kubernetes-native environments.<\/li>\n<li><strong><a href=\"https:\/\/www.conftest.dev\/\" target=\"_blank\" rel=\"noopener\">Conftest<\/a><\/strong><br \/>Tool for writing and testing policies against structured configuration data.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-enforcing-kubernetes-policies-opa-conftest-ci-cd-2\/\">\u2192 Lab: OPA Conftest in CI\/CD<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Secrets management<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.vaultproject.io\/\" target=\"_blank\" rel=\"noopener\">HashiCorp Vault<\/a><\/strong><br \/>Secrets management platform with dynamic secrets, encryption and identity-based access.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/secrets-management-ci-cd-pipelines-patterns-vault-2\/\">\u2192 Guide: Secrets management with Vault integration<\/a><\/li>\n<li><strong><a 
href=\"https:\/\/docs.github.com\/en\/actions\/security-for-github-actions\/security-hardening-your-deployments\/about-security-hardening-with-openid-connect\" target=\"_blank\" rel=\"noopener\">GitHub Actions OIDC<\/a><\/strong><br \/>Workload Identity Federation for GitHub Actions \u2014 eliminate long-lived cloud credentials.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/short-lived-credentials-workload-identity-federation-ci-cd\/\">\u2192 Guide: Workload Identity Federation<\/a> | <a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-configuring-oidc-workload-identity-github-actions-aws\/\">\u2192 Lab: OIDC with AWS<\/a><\/li>\n<li><strong><a href=\"https:\/\/docs.gitlab.com\/ci\/secrets\/id_token_authentication\/\" target=\"_blank\" rel=\"noopener\">GitLab CI OIDC<\/a><\/strong><br \/>ID token authentication for GitLab CI \u2014 ephemeral credentials for cloud access.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/short-lived-credentials-workload-identity-federation-ci-cd\/\">\u2192 Guide: Workload Identity Federation<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">CI\/CD platforms and ecosystems<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/docs.github.com\/en\/actions\/security-for-github-actions\" target=\"_blank\" rel=\"noopener\">GitHub Actions<\/a><\/strong><br \/>CI\/CD platform with a rich ecosystem and a growing set of security features.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-hardening-github-actions-workflows-permissions-pinning-secrets\/\">\u2192 Lab: Hardening GitHub Actions<\/a><\/li>\n<li><strong><a href=\"https:\/\/docs.gitlab.com\/ci\/\" target=\"_blank\" rel=\"noopener\">GitLab CI\/CD<\/a><\/strong><br \/>Integrated DevSecOps platform with 
native security controls.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-securing-gitlab-ci-pipelines-protected-variables-runners-environments\/\">\u2192 Lab: Securing GitLab CI<\/a><\/li>\n<li><strong><a href=\"https:\/\/tekton.dev\/\" target=\"_blank\" rel=\"noopener\">Tekton<\/a><\/strong><br \/>Kubernetes-native CI\/CD framework for building custom pipelines.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-secure-build-pipeline-tekton-tekton-chains\/\">\u2192 Lab: Tekton and Tekton Chains<\/a><\/li>\n<li><strong><a href=\"https:\/\/github.com\/actions\/runner-controller\" target=\"_blank\" rel=\"noopener\">Actions Runner Controller (ARC)<\/a><\/strong><br \/>Kubernetes operator for ephemeral, auto-scaling GitHub Actions runners.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-ephemeral-self-hosted-runners-actions-runner-controller\/\">\u2192 Lab: Ephemeral runners with ARC<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Threat modeling and attacks<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/owasp.org\/www-project-top-10-ci-cd-security-risks\/\" target=\"_blank\" rel=\"noopener\">OWASP Top 10 CI\/CD Risks<\/a><\/strong><br \/>The reference threat model for CI\/CD pipeline security risks.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/threats-attacks\/ci-cd-pipelines-primary-attack-surface\/\">\u2192 Guide: CI\/CD pipelines as an attack surface<\/a><\/li>\n<li><strong><a href=\"https:\/\/www.cidersecurity.io\/top-10-cicd-security-risks\/\" target=\"_blank\" rel=\"noopener\">Poisoned Pipeline Execution (PPE)<\/a><\/strong><br \/>OWASP CI\/CD risk No. 2 \u2014 an attacker modifies pipeline code or build scripts 
through pull requests.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-exploiting-defending-poisoned-pipeline-execution-ppe\/\">\u2192 Lab: Exploiting and defending against PPE<\/a><\/li>\n<li><strong><a href=\"https:\/\/medium.com\/@alex.birsan\/dependency-confusion-4a5d60fec610\" target=\"_blank\" rel=\"noopener\">Dependency confusion (Alex Birsan, 2021)<\/a><\/strong><br \/>Original research that compromised Apple, Microsoft and Tesla through package manager name resolution.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/dependency-confusion-artifact-poisoning-attacks-defenses\/\">\u2192 Guide: Dependency confusion and artifact poisoning<\/a> | <a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/lab-simulating-dependency-confusion-attack-sandbox\/\">\u2192 Lab: Simulating dependency confusion<\/a><\/li>\n<li><strong><a href=\"https:\/\/secure-pipelines.com\/fr\/threats-attacks\/ci-cd-threat-modeling-trust-boundaries-attack-paths\/\">CI\/CD threat modeling<\/a><\/strong><br \/>Analysis of trust boundaries and attack paths in CI\/CD pipelines.<br \/><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/ci-cd-execution-models-trust-assumptions-security-guide-2\/\">\u2192 Guide: Execution models and trust assumptions<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Comparison guides<\/h2>\n<p>In-depth comparisons to help you choose the right tools for your CI\/CD security stack.<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/ci-cd-security-scanners-compared-trivy-grype-snyk-checkov\/\">CI\/CD security scanners compared \u2014 Trivy vs Grype vs Snyk vs Checkov<\/a><\/li>\n<li><a 
href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/container-image-signing-tools-compared-cosign-notation-gpg\/\">Container signing tools compared \u2014 Cosign vs Notation vs GPG<\/a><\/li>\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/sbom-tools-compared-syft-trivy-cyclonedx-cli\/\">SBOM tools compared \u2014 Syft vs Trivy vs CycloneDX CLI<\/a><\/li>\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/ci-cd-policy-engines-compared-opa-kyverno-sentinel-cedar\/\">CI\/CD policy engines compared \u2014 OPA vs Kyverno vs Sentinel vs Cedar<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Cheat sheets and quick references<\/h2>\n<p>Concise, copy-paste-ready references for everyday CI\/CD security tasks.<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/github-actions-security-cheat-sheet\/\">GitHub Actions Security Cheat Sheet \u2014 Permissions, pinning, secrets and OIDC<\/a><\/li>\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/gitlab-ci-security-cheat-sheet\/\">GitLab CI Security Cheat Sheet \u2014 Variables, runners, environments and OIDC<\/a><\/li>\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/owasp-top-10-ci-cd-risks-explained-real-world-examples\/\">OWASP Top 10 CI\/CD risks \u2014 Explained with real-world examples<\/a><\/li>\n<li><a href=\"https:\/\/secure-pipelines.com\/fr\/ci-cd-security\/slsa-levels-explained-practical-compliance-checklist\/\">SLSA levels \u2014 Practical compliance checklist<\/a><\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">External references<\/h2>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/owasp.org\/\" 
target=\"_blank\" rel=\"noopener\">OWASP Foundation<\/a><\/strong><br \/>Open security resources and threat models.<\/li>\n<li><strong><a href=\"https:\/\/tag-security.cncf.io\/\" target=\"_blank\" rel=\"noopener\">CNCF TAG Security<\/a><\/strong><br \/>Cloud-native initiatives and best practices around supply chain security.<\/li>\n<li><strong><a href=\"https:\/\/csrc.nist.gov\/\" target=\"_blank\" rel=\"noopener\">NIST CSRC<\/a><\/strong><br \/>Security standards and guidelines related to software development and supply chains.<\/li>\n<li><strong><a href=\"https:\/\/openssf.org\/\" target=\"_blank\" rel=\"noopener\">OpenSSF (Open Source Security Foundation)<\/a><\/strong><br \/>Cross-industry collaboration on open source software security, including Scorecard, SLSA and Sigstore.<\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<h2 class=\"wp-block-heading\">Related ecosystem<\/h2>\n<p>For the compliance, governance and regulatory aspects of DevSecOps and CI\/CD, see <strong><a href=\"https:\/\/regulated-devsecops.com\" target=\"_blank\" rel=\"noopener\">regulated-devsecops.com<\/a><\/strong>.<\/p>\n<p>The two sites are designed to complement each other:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/secure-pipelines.com\/fr\/\">Secure Pipelines<\/a><\/strong>: technical implementation and engineering practices<\/li>\n<li><strong><a href=\"https:\/\/regulated-devsecops.com\" target=\"_blank\" rel=\"noopener\">Regulated DevSecOps<\/a><\/strong>: governance, auditability and compliance<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This page brings together reference materials, tools and technical resources related to CI\/CD security and 
software supply chain protection. The resources listed here are selected for their relevance, technical depth and practical usefulness. Standards and frameworks SLSA (Supply-chain Levels for Software Artifacts) Framework for improving build integrity &#8230; <a title=\"Resources\" class=\"read-more\" href=\"https:\/\/secure-pipelines.com\/fr\/resources\/\" aria-label=\"Read more about Resources\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":31,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-59","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/pages\/59","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/comments?post=59"}],"version-history":[{"count":1,"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/pages\/59\/revisions"}],"predecessor-version":[{"id":751,"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/pages\/59\/revisions\/751"}],"wp:attachment":[{"href":"https:\/\/secure-pipelines.com\/fr\/wp-json\/wp\/v2\/media?parent=59"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}