Prevention is mostly free. Detection is the hard part.
Here's the confession most security vendors in this space won't make: preventing the textbook CI/CD supply-chain attack costs about $0. It's config-level hygiene. So the honest question isn't "what stops it" — it's "what do you actually pay for?"
The free baseline
Take the canonical kill chain — stolen developer session → injected workflow → secrets exfiltrated. Almost every link has a free control that breaks it:
- ✓ Phishing-resistant MFA (passkeys / FIDO2), enforced org-wide. Origin-bound credentials can't be phished or replayed, which breaks the chain at the entry point. Free on all GitHub plans. Cost: $0
- ✓ Runner egress allowlist in block mode. Harden-Runner-style network control drops exfiltration to any host not on the allowlist; audit mode only logs it, so confirm you are actually in block mode. Free for public repos; cheap for private. Cost: ~$0
- ✓ Workflow scanners (zizmor, octoscan, OpenSSF Scorecard). Catch the expression-injection flaw class and other dangerous-workflow patterns such as unpinned actions. Open source. Cost: $0
- ✓ SHA-pin actions, and enforce branch protection with required reviews. Removes the silent-tag-swap vector (a mutable tag repointed at malicious code) and the unreviewed-change vector. Built into GitHub. Cost: $0
- ✓ Keep app/CI private keys out of Actions secrets. A long-lived key sitting in a secret is the re-entry vector that turns a one-time breach into a ten-day one; prefer short-lived, OIDC-issued credentials. Cost: $0
Do these and you've shut the front door on the majority of this attack class — for roughly the cost of a few afternoons. Any vendor who pitches you "we prevent supply-chain attacks" without first acknowledging this baseline is selling something a technical buyer will see through in one meeting.
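To make the baseline concrete, here is an added example (not code from this page, and not from zizmor, octoscan or Scorecard) that performs the three cheapest checks those tools automate: unpinned `uses:` references, the Harden-Runner egress policy, and untrusted event fields interpolated into a `run:` step. It runs over two constructed workflow fragments, one weak and one hardened; the 40-hex SHAs in the hardened one are placeholders of the right shape, not real commits.

```python
import re

# --- constructed sample workflows (not from any real repository) ---
WEAK = """\
name: ci
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
      - uses: actions/checkout@v4
      - name: greet
        run: |
          echo "PR: ${{ github.event.pull_request.title }}"
          npm ci
"""

# SHAs below are placeholders of the right shape, not real commits:
# pin to the commit you actually reviewed.
HARDENED = """\
name: ci
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@0123456789abcdef0123456789abcdef01234567  # v2.x
        with:
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            registry.npmjs.org:443
      - uses: actions/checkout@89abcdef0123456789abcdef0123456789abcdef  # v4.x
      - name: greet
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR: $PR_TITLE"
          npm ci
"""

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
EGRESS = re.compile(r"^\s*egress-policy:\s*(\S+)")
# Event fields an outside contributor controls (PR titles, issue bodies, branch
# names, commit messages). Expanding them inside a shell step is the injection class.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:head_ref|event\.(?:issue|pull_request|comment|"
    r"review|review_comment|discussion|head_commit|commits)\b)"
)


def find_unpinned_actions(workflow):
    """Return uses: references that are not pinned to a full commit SHA."""
    unpinned = []
    for line in workflow.splitlines():
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):  # local/image refs: not tag-swappable
            continue
        _, _, version = ref.partition("@")
        if not SHA40.match(version):
            unpinned.append(ref)
    return unpinned


def egress_policy(workflow):
    """Return the harden-runner egress-policy value, or None if the step is absent."""
    for line in workflow.splitlines():
        m = EGRESS.match(line)
        if m:
            return m.group(1)
    return None


def find_template_injections(workflow):
    """Return (line_no, text) for untrusted expressions inside run: steps.
    Passing the value through env: (as HARDENED does) is not flagged."""
    findings, in_run, run_indent = [], False, 0
    for n, line in enumerate(workflow.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_run and stripped and indent <= run_indent:
            in_run = False  # block scalar ended
        m = re.match(r"-?\s*run:\s*(.*)", stripped)
        if m:
            body = m.group(1).strip()
            if body in ("|", ">", "|-", ">-"):
                in_run, run_indent = True, indent  # multi-line run: follows
            elif UNTRUSTED.search(body):
                findings.append((n, stripped))
            continue
        if in_run and UNTRUSTED.search(line):
            findings.append((n, stripped))
    return findings


def scan(workflow):
    return {"unpinned": find_unpinned_actions(workflow),
            "egress_policy": egress_policy(workflow),
            "injections": find_template_injections(workflow)}


if __name__ == "__main__":
    for name, wf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, scan(wf))
```

The weak fragment fails all three checks; the hardened one passes because the action refs are full SHAs, Harden-Runner is in block mode with an explicit endpoint list, and the PR title reaches the shell only as an environment variable. This is a line-oriented heuristic, not a YAML parser; use it to understand what the real scanners look for, then run the real scanners.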
So what's actually left to sell?
The free baseline is a wall. Walls have a known failure mode: they don't help once the attacker is already inside holding a valid, trusted credential.
Passkeys don't stop a malicious insider with a real badge. Egress allowlists don't flag a hijacked maintainer session that ships data to an allowlisted host. Workflow scanners pass a malicious change that is syntactically clean.
That's the residual risk — and it's exactly the part you can't fix with config, because every signal looks legitimate in isolation. A trusted account did a permitted thing. The only way to catch it is to notice that the trusted login, the unreviewed workflow change, and the new egress destination form a shape — together, in a window — that no benign sequence does.
That's detection. And it's the hard part, which is why the median supply-chain breach runs 267 days while everyone's prevention checklist sits fully green.
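The correlation described above, as an added illustration in Python (not Sentinel's code, and not a description of its implementation) over constructed events: a login from an unknown device, an unreviewed workflow change by the same identity, and a runner egress to a host outside the repo's learned baseline. Each signal alone is noisy; the incident fires only when all three land on one actor and repo inside a window. The event field names (device_known, reviewed, host), the learned baseline, and the one-hour window are assumptions.

```python
WINDOW = 3600  # seconds: assumed window either side of the workflow change

# Constructed events, not from any real tenant. Timestamps are unix seconds.
T0 = 1_700_000_000
EVENTS = [
    {"ts": T0, "kind": "login", "actor": "maintainer-b", "device_known": True},
    {"ts": T0 + 60, "kind": "login", "actor": "maintainer-a", "device_known": False},
    {"ts": T0 + 720, "kind": "workflow_change", "actor": "maintainer-a", "repo": "org/app",
     "path": ".github/workflows/ci.yml", "reviewed": False},
    {"ts": T0 + 900, "kind": "workflow_change", "actor": "maintainer-b", "repo": "org/app",
     "path": ".github/workflows/release.yml", "reviewed": False},
    {"ts": T0 + 1200, "kind": "egress", "repo": "org/app", "host": "github.com"},
    {"ts": T0 + 1260, "kind": "egress", "repo": "org/app", "host": "files.transfer.invalid"},
    {"ts": T0 + 20000, "kind": "egress", "repo": "org/lib", "host": "cdn.untracked.invalid"},
]

# Hosts each repo's runners have been seen talking to before (assumed learned baseline).
BASELINE = {
    "org/app": {"github.com", "api.github.com", "registry.npmjs.org"},
    "org/lib": {"github.com"},
}


def identity_anomalies(events):
    """Logins from a device not previously seen for that identity (assumed signal
    for a phished-or-hijacked session: the attacker's browser is a new fingerprint)."""
    return [e for e in events if e["kind"] == "login" and not e["device_known"]]


def unreviewed_workflow_changes(events):
    """Commits touching .github/workflows/ that landed without a review."""
    return [e for e in events if e["kind"] == "workflow_change"
            and e["path"].startswith(".github/workflows/") and not e["reviewed"]]


def novel_egress(events, baseline):
    """Runner connections to a host the repo has never contacted before."""
    return [e for e in events if e["kind"] == "egress"
            and e["host"] not in baseline.get(e["repo"], set())]


def correlate(events, baseline, window=WINDOW):
    """Emit one incident per unreviewed workflow change that is preceded (within
    `window`) by an identity anomaly for the same actor and followed (within
    `window`) by novel egress from the same repo. Any one signal alone is ignored."""
    events = sorted(events, key=lambda e: e["ts"])
    anomalies = identity_anomalies(events)
    egress = novel_egress(events, baseline)
    incidents = []
    for change in unreviewed_workflow_changes(events):
        prior_login = [a for a in anomalies if a["actor"] == change["actor"]
                       and change["ts"] - window <= a["ts"] <= change["ts"]]
        later_egress = [x for x in egress if x["repo"] == change["repo"]
                        and change["ts"] <= x["ts"] <= change["ts"] + window]
        if prior_login and later_egress:
            incidents.append({
                "actor": change["actor"],
                "repo": change["repo"],
                "login_ts": prior_login[-1]["ts"],
                "change_ts": change["ts"],
                "change_path": change["path"],
                "egress_ts": later_egress[0]["ts"],
                "egress_host": later_egress[0]["host"],
            })
    return incidents


if __name__ == "__main__":
    print("identity anomalies:", len(identity_anomalies(EVENTS)))
    print("unreviewed changes:", len(unreviewed_workflow_changes(EVENTS)))
    print("novel egress:", len(novel_egress(EVENTS, BASELINE)))
    for inc in correlate(EVENTS, BASELINE):
        print("INCIDENT", inc)
```

On the constructed data there are two unreviewed workflow changes and two novel egress events, but only maintainer-a's change sits between an unknown-device login and the new destination, so exactly one incident is raised. Shrinking the window to five minutes separates the login from the change and the incident disappears, which is the tuning knob a real deployment spends most of its time on.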
The honest pitch
So here's ours, without the marketing varnish: do the free hygiene first. We'll even help you get the baseline right — it's the highest-ROI security work you can do, and we'd rather you do it than buy a tool to compensate for skipping it.
Then buy down what's left: the cases prevention structurally can't cover. That's not "another scanner" — it's watching the seam between identity and the pipeline for the moment your green checklist quietly stops being true, and turning a 267-day blind spot into a same-hour alert.
You're paying for time-to-respond, not a wall
Sentinel correlates the identity anomaly, the unreviewed workflow change, and the novel egress into one incident, in one window — the detection layer that sits behind your free prevention for when a valid credential turns hostile.
Become a design partner →