argo-cd
Safeguard articles tagged "argo-cd" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Securing the Argo CD to Kubernetes GitOps Pipeline
One symlinked Helm values file (CVE-2022-24348, CVSS 7.7) let attackers read secrets across Argo CD tenants — GitOps trust needs hardening, not just adoption.
The GitOps security model: risks and controls
GitOps turns a Git repo into a deploy button — Argo CD's own CVE-2022-24348 path traversal proved what happens when that button isn't locked down.
What is GitOps Security
GitOps turns your Git repo into the source of truth for production, so one bad commit or stolen credential can mean a full cluster takeover.
Argo CD Path Traversal via Malicious Helm Chart values.ya...
CVE-2022-24348 let attackers use a malicious Helm chart to path-traverse Argo CD's repo-server, exposing secrets across GitOps applications. Here's the fix.
CVE-2025-55190 in Argo CD: Patch Posture & SBOM Response
Argo CD project details API leaks repository credentials, scored CVSS 9.9. GitOps platforms are now top-tier credential targets. Defender playbook below.