Securing CI/CD Pipelines - Exploring Vulnerabilities In Workflows
Offered By: nullcon via YouTube
Course Description
Overview
Explore the security challenges and vulnerabilities in CI/CD pipelines, particularly focusing on GitHub Actions, in this informative conference talk. Delve into the threat model for popular CI/CD platforms and learn about the increased risks to the software supply chain due to additional dependencies and code complexity. Discover a taint tracking tool specifically designed to identify code injection bugs in GitHub Workflows. Examine real-world examples from over 23,000 bugs found by this tool, gaining valuable insights into securing your development processes. Enhance your understanding of DevSecOps and vulnerability management in the context of modern software development workflows.
Syllabus
Securing CI/CD Pipelines: Exploring Vulnerabilities In Workflows by Siddharth Muralee | Nullcon Goa
Taught by
nullcon
Related Courses
Hardening Your Soft Software Supply Chain (Pluralsight)
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub (Pluralsight)
Securing Your Software Supply Chain with Sigstore (Linux Foundation via edX)
GitHub Supply Chain Security Using GitGat (Linux Foundation via edX)
Kyverno - Deep Dive - Tech Talks (Mirantis via YouTube)