GitLab CI/CD Compliance
github.com
I’m explicitly looking for people to tear this apart: if you assume a hostile developer who controls .gitlab-ci.yml but not the platform, can you design a CI/CD compliance model on GitLab that actually can’t be bypassed? And if you think you can, please explain how, and if you think it’s impossible, I want to hear that too.
I want to know if my CLI actually helps or if it misses the point of supply-chain defense and compliance.
If it meets the guidelines, this might make a good 'Show HN'. Show HN guidelines: https://news.ycombinator.com/showhn.html