Securing the Pipeline - Protecting Self-Hosted GitHub Runners
Security BSides San Francisco via YouTube
Overview
Explore critical security considerations for organizations using GitHub Actions with self-hosted runners in this 51-minute conference talk from BSidesSF 2023. Learn how attackers can potentially gain an internal network foothold from the Internet by compromising a single developer's personal GitHub access token. Discover key configuration adjustments and best practices to secure CI/CD pipelines and mitigate the potential damage from a breach. Gain valuable insights into protecting your development infrastructure and maintaining the integrity of your software delivery process.
Syllabus
BSidesSF 2023 - Securing the Pipeline: Protecting Self-Hosted GitHub Runners (Adnan Khan)
Taught by
Security BSides San Francisco