Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Syllabus
Intro
Notable Incidents
Fundamental Disconnect: We have developed tremendous tooling and automation that allows us to create secure, reliable software at a scale not previously considered
Threat Modeling Overview
Confidentiality Impact
Availability Impact
Supporting Infrastructure
The Perimeter is the Problem
Example CI/CD Pipeline Dataflow
Follow a Code Change
General/Overarching Concerns
Source Repository and Workflow Engine
Open Source Component Management
Open Source Backdoor Concerns
Build Management
Security Testing and Backdoors
Software Packaging and Distribution
Software Packaging - Monolithic applications vs. Microservice applications
Software Distribution
Using the Threat Model
Vendor Management
Potential Argument Discussion Points
Questions
Taught by
OWASP Foundation
Related Courses
Cloud DevOps Engineer (Udacity)
DevOps CI/CD Pipeline: Automation from development to deployment (Universidad Anáhuac via edX)
DevOps Pipeline: Automatización hasta el despliegue (Universidad Anáhuac via edX)
Docker - SWARM - Hands-on - DevOps (Udemy)
Docker and Kubernetes: The Complete Guide (Udemy)