Stephen Giguere – Pwning the CI Workflow and How to Prevent It

Our journey to open source and GitOps heaven has exposed new security challenges as our CI platforms are exposed to the outside world. The soft underbelly of our development pipeline is as visible to willing contributors as it is to malicious subversives looking for the keys to the backdoor. In this talk, we'll look at some known potential exploits of GitHub Actions workflows to show how simple misconfigurations or straight-up bad practices can leave our supply chain wide open to attackers.

Guest(s): Stephen Giguere

2022 DevSecOps Days

Jennifer Czaplewski - DevSecOps at Target

Julie Peterson & Orion Cassetto - Effectively Tackling Hardcoded Secrets With a Secret Management Maturity Model

Robert Sirchia - Open Zero-Trust

Dan Shugrue & Cole Herzog - How to Build a Blueprint for Secure Software

Joseph Woodwell - How Automation is the Only Choice for Security Professionals to Get in Front of the Zero-Day Challenge

Jim Zemlin - 10 Streams of Investment for Open Source Security

Reinventing Cybersecurity: Tales of Rebellion and Resistance

Mark Lambert - Scaling Application Security to the Speed of DevSecOps

Daniella Pontes - Automatically Prioritize Vulnerabilities Using Runtime Intelligence

Guy Gil - Reaping the Benefits of Your Dependencies

Adam Such - What DevSecOps can learn from Elon Musk

Yuval Shchory - Beyond Unification: How CNAP Should Reduce Cloud Security Risk

Larry Maccherone - The 3 Ways of DevOps as the Keys to Developer-First Security

John Willis - Out of the Crisis - What Would Deming Do?

Caroline Wong - Pentesting at Scale

Priyanka Sharma & Frederick Kautz - Cloud-Native and DevSecOps

Alan Shimel - 2022 DevSecOps Days Opening

Chenxi Wang, PH.D - Software Supply Chain Security: Buzzwords or A Sustainable Market?

Eddie Glenn - How to Prevent the Most Common Kubernetes Security Problems

Eric Maxwell - Best Practices for Adopting DevSecOps Principles

The Security Policy and Standards Landscape is Changing – What Developers Need to Know

Brian Reed - Developer First Security for Screaming Fast Mobile Pipelines with GitHub & NowSecure

Jessica Marie - API Catalog: The First Step in Protecting your APIs

Mitch Ashley - The Rise of API Security: It's 10pm—Do You Know Where Your APIs Are?
