Explore the critical aspects of visibility and security in CI/CD ecosystems in this 40-minute conference talk. Gain insights into the challenges of securing CI/CD platforms, which process sensitive data and play a crucial role in the software supply chain. Learn how to approach visibility and security of CI/CD ecosystems, covering common attack areas such as access controls, credentials hygiene, and misconfigurations. Discover two new open-source projects: CICDGuard, a graph-based CI/CD ecosystem visualizer and security analyzer, and ActionGOAT, a deliberately vulnerable GitHub Action for learning purposes. Presented by Pramod Rana, an experienced security professional and open-source project author, this talk offers practical solutions and best practices for enhancing the security of your CI/CD infrastructure.
How to Have Visibility and Security of CI/CD Ecosystem - Track 2 Session 6
Overview
Syllabus
Track 2 06 How To Have Visibility And Security OF CICD Ecosystem
Taught by
HackMiami
Related Courses
-
Continuous Integration and Continuous Delivery (CI/CD)
-
GitHub Supply Chain Security Using GitGat
-
The Complete Jenkins DevOps CI/CD Pipeline Bootcamp
-
How to Have Visibility and Security of a CI/CD Pipeline
-
OIDC and CI/CD: Reducing Security Threats in Your CI Pipeline
-
Securing CI/CD Systems Through eBPF
