Explore the security challenges in CI/CD pipelines, specifically focusing on GitHub Actions, in this 35-minute conference talk from RSA Conference. Discover how open source and GitOps practices have exposed new vulnerabilities in continuous integration solutions. Learn about known exploits targeting GitHub Actions workflows and understand how simple bad practices can compromise the security of your software supply chain. Gain valuable insights from Stephen Giguere, Cloud Security Advocate at Palo Alto Networks, as he demonstrates the potential risks and attack vectors that malicious actors can exploit in poorly configured CI environments.
Overview
Syllabus
Pwning the CI (GitHub Actions Edition)
Taught by
RSA Conference
