Explore the security challenges and vulnerabilities in CI/CD pipelines, particularly focusing on GitHub Actions, in this informative conference talk. Delve into the threat model for popular CI/CD platforms and learn about the increased risks to the software supply chain due to additional dependencies and code complexity. Discover a taint tracking tool specifically designed to identify code injection bugs in GitHub Workflows. Examine real-world examples from over 23,000 bugs found by this tool, gaining valuable insights into securing your development processes. Enhance your understanding of DevSecOps and vulnerability management in the context of modern software development workflows.
Securing CI/CD Pipelines - Exploring Vulnerabilities In Workflows
Overview
Syllabus
Securing CI/CD Pipelines: Exploring Vulnerabilities In Workflows by Siddharth Muralee | Nullcon Goa
Taught by
nullcon
Related Courses
-
Continuous Integration and Continuous Delivery (CI/CD)
-
Continuous Integration and Delivery (CI/CD)
-
CI/CD for Machine Learning
-
DevSecOps : Master Securing CI/CD | DevOps Pipeline(2023)
-
Command Injection Vulnerabilities in CI/CD Pipelines - Securing Bazel GitHub Actions
-
Best Practices for Securing CI - CD Pipeline
