Pwning the CI (GitHub Actions Edition)


Posted on in Presentations

Our path to an open-source GitOps heaven has brought new security challenges, as our CI solutions are now exposed to the outside world. The soft underbelly of our pipeline is as visible to malicious subversives as it is to willing contributors. In this talk, we'll look at examples of known exploits against GitHub Actions workflows, showing how simple bad practices can open our supply chain to attackers.


Participants
Stephen Giguere

Speaker

Cloud Security Advocate, Palo Alto Networks

