Overview
Explore the critical security implications of CI/CD pipelines in this 17-minute conference talk from SREcon24 Americas. Discover why CI pipelines pose significant security threats due to their abundance of credentials and widespread access within organizations. Learn essential strategies for enhancing supply chain security by implementing proper branch permissions and leveraging OpenID Connect (OIDC) to minimize long-lived credentials and establish secure connections between branches and roles. Gain valuable insights from Mark P Hahn of Qualys and Ted Hahn of TCB Technologies on reducing attack surfaces and fortifying your CI/CD processes against potential vulnerabilities.
Syllabus
SREcon24 Americas - OIDC and CICD: Why Your CI Pipeline Is Your Greatest Security Threat
Taught by
USENIX