What I Found Scanning 30 Open-Source Repositories for CI/CD Identity Risks

via Dev.to DevOps, by yasarbingursain

Over the last few months I’ve been spending time looking into something that quietly sits behind most modern systems: machine identities.

We spend a lot of time securing human access - MFA, SSO, password policies, phishing protection. But in most production environments today, machines perform far more actions than people do.

APIs. Service accounts. CI/CD workflows. Cloud roles. Automation jobs.

These identities deploy code, push containers, rotate infrastructure, and connect services together. Yet they rarely receive the same level of visibility or scrutiny.

That curiosity is what eventually led me to start building Nexora, and along the way I wrote a small research tool called nexora-cli. The CLI scans repository workflow configurations to highlight patterns that often introduce machine-identity risk. Nothing invasive. No private code. No secrets. Just configuration analysis.

The Experiment

I ran the scanner a

Continue reading on Dev.to DevOps
