Pwning the CI with GitHub Action Workflows - Security Challenges and Exploits
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the security vulnerabilities in CI platforms and GitHub Action workflows in this 28-minute conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the challenges posed by open source and GitOps practices, which expose development pipelines to potential threats. Learn how social engineering techniques and insecure GitHub configurations can be exploited by malicious actors. Witness live demonstrations of known abuses in GitHub Actions workflows, highlighting how default settings and poor practices can compromise the security of your supply chain. Gain valuable insights into protecting your CI/CD pipeline from potential attacks and strengthening your overall cybersecurity posture.
Syllabus
Pwning the CI (with GitHub Action Workflows) - Stephen Giguere, Bridgecrew
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Startup EngineeringStanford University via Coursera Developing Scalable Apps in Java
Google via Udacity Cloud Computing Concepts, Part 1
University of Illinois at Urbana-Champaign via Coursera Cloud Networking
University of Illinois at Urbana-Champaign via Coursera Cloud Computing Concepts: Part 2
University of Illinois at Urbana-Champaign via Coursera