Overview
Explore the critical aspects of visibility and security in CI/CD ecosystems in this 40-minute conference talk. Gain insights into the challenges of securing CI/CD platforms, which process sensitive data and play a crucial role in the software supply chain. Learn how to approach visibility and security of CI/CD ecosystems, covering common attack areas such as access controls, credentials hygiene, and misconfigurations. Discover two new open-source projects: CICDGuard, a graph-based CI/CD ecosystem visualizer and security analyzer, and ActionGOAT, a deliberately vulnerable GitHub Action for learning purposes. Presented by Pramod Rana, an experienced security professional and open-source project author, this talk offers practical solutions and best practices for enhancing the security of your CI/CD infrastructure.
Syllabus
Track 2 06 How To Have Visibility And Security OF CICD Ecosystem
Taught by
HackMiami