Pipelines Execute Critical Actions
Your CI/CD system deploys to production, applies infrastructure changes, publishes artifacts, and accesses secrets. These are high-risk, often irreversible actions.
TrigGuard adds a governance layer to your pipelines. Authorization happens at runtime, with cryptographic proof of every decision.
Platform Support
GitHub Actions
Native Action with OIDC authentication. Works with workflow artifacts and matrix builds.
GitLab CI
Pipeline integration with job tokens. Works with protected environments.
CircleCI
Orb integration with context-based secrets management.
Jenkins
Pipeline library integration. Works with declarative and scripted pipelines.
What to Govern
GitHub Actions Example
name: Protected Deploy
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: TrigGuard Authorization
        id: auth
        uses: trigguard/authorize@v1
        with:
          api-key: ${{ secrets.TRIGGUARD_API_KEY }}
          surface: deploy.release
          action: deploy-production
      - name: Deploy
        if: steps.auth.outputs.decision == 'PERMIT'
        run: |
          echo "Authorized by: ${{ steps.auth.outputs.receipt_id }}"
          ./deploy.sh
      - name: Store Receipt
        uses: actions/upload-artifact@v4
        with:
          name: trigguard-receipt
          path: ${{ steps.auth.outputs.receipt_path }}
Compliance & Audit
Every pipeline execution that touches a protected surface produces a signed receipt. Store receipts as artifacts. Verify them during audits.
SOC 2
Demonstrate change management controls with cryptographic evidence.
ISO 27001
Document access control and authorization for system changes.
FedRAMP
Prove authorization for configuration changes to production systems.
Internal Audit
Answer "who authorized this change?" with verifiable proof.
Add Governance to Your Pipeline
Start protecting critical actions in your CI/CD system. Integration takes 10 minutes.