Coming Soon — Leanpub & Amazon

Pipeline Trust

Automating Trust and Engineering Compliance in the Modern Software Supply Chain

From the founder of Build Flow Labs and creator of the Build Chain of Custody (BCoC) evidence standard. The definitive guide to zero-trust build governance.

Amina Emenena



The Missing Manual for Supply Chain Security

Your SBOM tells you what's inside the artifact. It tells you nothing about how it was built.

In a 60-day research pilot across 30 repositories, 67% had configurations vulnerable to software supply chain compromise, yet only 12% would have triggered a compliance alert. The remaining 55 percentage points of risk were completely invisible to existing governance.

Pipeline Trust introduces a zero-trust framework for build pipeline governance built on four principles: Invisible Security, Forensic Attestation via Build Chain of Custody (BCoC), Blast Radius Control, and Compliance as Code. Grounded in original doctoral research and real-world remediation experience, this book provides the framework, tools, and compliance mappings to bring structured governance to the most important and least protected surface in your software delivery lifecycle.

Table of Contents

Part 1 The Invisible Attack Surface
Ch 1: The Build Pipeline Is the New Perimeter
Ch 2: 67% Vulnerable, 12% Detected: The Compliance Gap
Ch 3: Anatomy of a Supply Chain Attack: From SolarWinds to Trivy
Part 2 The Framework — Automating Trust
Ch 4: Zero-Trust for Build Environments
Ch 5: Invisible Security: Compliance as a Side Effect of Shipping Code
Ch 6: Build Chain of Custody (BCoC): Forensic Attestation for Every Build
Ch 7: From SBOM to BCoC: Why Ingredient Lists Are Not Enough
Part 3 Implementation — Engineering Compliance
Ch 8: Compliance as Code: Policy Engines with OPA and Rego
Ch 9: Building a Compliance Drift Detection System in Go
Ch 10: OIDC, Short-Lived Tokens, and Eliminating Persistent Access
Ch 11: GitHub Actions Security: A Practical Hardening Guide
Ch 12: Blast Radius Control: Forensic Lookups Across Thousands of Repos
Ch 13: The Enterprise Blueprint: Deploying Continuous Compliance in Days
Part 4 Governance — Mapping to the Real World
Ch 14: Compliance Mapping: SOC 2, SOX, NIST, ISO, PCI-DSS, FedRAMP, CIS, HIPAA
Ch 15: Automating Audit Readiness
Ch 16: Building a Supply Chain Security Program from Scratch
Ch 17: The Future of Build Environment Security

About the Author

Amina Emenena is a D.Sc. candidate in Cybersecurity at George Washington University's School of Engineering and Applied Science, where her research on build environment risk governance was awarded Best Paper of Track at the ASBBS 33rd Annual Conference. She is the founder of Build Flow Labs and creator of the Build Chain of Custody (BCoC) evidence standard, and has over 15 years of technical and engineering leadership experience, including leading remediation for a major platform breach, developing unmanned aircraft software, and engineering work in the Intelligence Community.


Be the First to Know

Join the waitlist to get notified when Pipeline Trust is available. Early subscribers will receive exclusive preview chapters.