How to Have Visibility and Security of CI/CD Ecosystem - Track 2 Session 6

Explore the critical aspects of visibility and security in CI/CD ecosystems in this 40-minute conference talk. Gain insights into the challenges of securing CI/CD platforms, which process sensitive data and play a crucial role in the software supply chain. Learn how to approach visibility and security of CI/CD ecosystems, covering common attack areas such as access controls, credentials hygiene, and misconfigurations. Discover two new open-source projects: CICDGuard, a graph-based CI/CD ecosystem visualizer and security analyzer, and ActionGOAT, a deliberately vulnerable GitHub Action for learning purposes. Presented by Pramod Rana, an experienced security professional and open-source project author, this talk offers practical solutions and best practices for enhancing the security of your CI/CD infrastructure.

Track 2 06 How To Have Visibility And Security OF CICD Ecosystem