Post-Quantum Cryptography Integration in CI/CD Pipelines: Future-Proofing Software Supply Chains
Abstract
The advent of quantum computing poses an existential threat to the classical cryptographic algorithms underpinning modern DevOps workflows. This paper explores the integration of post-quantum cryptography (PQC) into CI/CD pipelines to safeguard code signing, artifact validation, and dependency management against quantum attacks. Aligned with NIST’s ongoing standardization efforts, we analyze lattice-based, hash-based, and code-based algorithms, evaluate their performance in DevOps environments, and propose frameworks for cryptographic agility, hybrid adoption, and lifecycle management. Performance benchmarks, compliance challenges, and mitigation strategies are quantified, emphasizing the urgency that follows from long software lifecycles and imminent quantum threats.
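As an added illustration (not code from the paper or its authors), the following implements a hash-based one-time signature (Lamport, over SHA-256) for a CI artifact digest and the single-use key state a pipeline must track for it; the function names, `OneTimeSigner`, and the sample artifact bytes are constructed for this example.

```python
import hashlib
import secrets

N = 256  # bits in the SHA-256 artifact digest; one key pair per bit position


def keygen():
    """Lamport key: two random 32-byte secrets per digest bit; public key is their hashes."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(N)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk


def digest_bits(artifact: bytes):
    digest = hashlib.sha256(artifact).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, artifact: bytes):
    """Reveal, for each digest bit, the secret matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(digest_bits(artifact))]


def verify(pk, artifact: bytes, sig) -> bool:
    """Accept only if every revealed secret hashes to the public value for that bit."""
    if len(sig) != N:
        return False
    return all(hashlib.sha256(sig[i]).digest() == pk[i][b]
               for i, b in enumerate(digest_bits(artifact)))


class OneTimeSigner:
    """Pipeline-side wrapper: a Lamport key may sign exactly one artifact.

    Signing twice reveals secrets for both bit values at differing positions,
    so key state (used/unused) is part of the key's lifecycle, not an optimisation.
    """

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, artifact: bytes):
        if self.used:
            raise RuntimeError("one-time key already consumed; rotate before signing")
        self.used = True
        return sign(self.sk, artifact)


if __name__ == "__main__":
    signer = OneTimeSigner()
    build = b"constructed artifact: app-1.0.0.tar.gz contents"
    sig = signer.sign(build)
    print("verified:", verify(signer.pk, build, sig))
```

Key and signature sizes here (16 KiB private, 16 KiB public, 8 KiB signature per artifact) are the kind of overhead the paper's benchmarks weigh against lattice-based schemes.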