Texas A and M University-Kingsville, Texas, USA.
World Journal of Advanced Engineering Technology and Sciences, 2025, 16(01), 019–032
Article DOI: 10.30574/wjaets.2025.16.1.1181
Received on 23 May 2025; revised on 26 June 2025; accepted on 30 June 2025
Continuous Integration and Continuous Delivery (CI/CD) pipelines have transformed modern software development by enabling faster release cycles, increased collaboration, and improved automation. However, these benefits also introduce complex security challenges, particularly within software supply chains. As the sophistication of cyber threats evolves, adversaries are increasingly targeting CI/CD environments to infiltrate trusted software delivery processes. This journal article presents a comprehensive exploration of how integrating provenance metadata and adopting supply chain security best practices can mitigate these risks. Through analysis of recent cyber incidents, industry-standard frameworks, and detailed technical implementations, this paper outlines a practical and scalable approach for securing CI/CD pipelines. It emphasizes the role of transparency, traceability, and verification in building resilient DevOps workflows and provides actionable recommendations for both practitioners and researchers.
CI/CD Security; Software Supply Chain; Provenance Metadata; Zero-Trust Architecture
Devashish Ghanshyambhai Patel. Enhancing CI/CD security with provenance metadata and supply chain best practices. World Journal of Advanced Engineering Technology and Sciences, 2025, 16(01), 019-032. Article DOI: https://doi.org/10.30574/wjaets.2025.16.1.1181.