Overview
Learn about securing CI/CD environments using runtime security principles in this technical talk, which explores build environment vulnerabilities and secrets protection. Dive into the development of BOLT, an open-source security tool for GitHub Actions, and understand how runtime security concepts can be applied to CI/CD pipelines. Examine key challenges, including the need for domain-name-based filtering (since CDN usage makes IP-based filtering impractical) and the complexities of handling traffic in a multi-tenant system. Discover how TLS interception and eBPF Linux kernel capabilities enable monitoring of SSL traffic without the overhead of decryption, making the security implementation seamless for developers. Explore the intricacies of implementing eBPF probing across various SSL libraries to provide comprehensive security coverage for diverse CI pipelines.
Syllabus
Securing CI/CD: Complexity & Inspiration from Runtime Security - Abhimanyu Dhamija, KoalaLab
Taught by
OpenSSF