Explore critical security considerations for organizations using GitHub Actions with self-hosted runners in this 51-minute conference talk from BSidesSF 2023. Learn how attackers can potentially gain an internal network foothold from the Internet by compromising a single developer's personal GitHub access token. Discover key configuration adjustments and best practices to secure CI/CD pipelines and mitigate the potential damage from a breach. Gain valuable insights into protecting your development infrastructure and maintaining the integrity of your software delivery process.
Securing the Pipeline - Protecting Self-Hosted GitHub Runners
Security BSides San Francisco via YouTube
Overview
Syllabus
BSidesSF 2023 - Securing the Pipeline: Protecting Self-Hosted GitHub Runners (Adnan Khan)
Taught by
Security BSides San Francisco
Related Courses
-
GitHub Actions Certification - Full Course to Pass the Exam
-
Grand Theft Actions - Abusing Self-Hosted GitHub Runners for Supply Chain Attacks
-
AZ-400: Implement CI with Azure Pipelines and GitHub Actions
-
Deploying GitHub Self-Hosted Runners on Kubernetes with ARC
-
How to Use GitHub Actions with Security in Mind
-
How to Secure Your GitHub Actions
