Abuse of Repository Webhooks to Access Hundreds of Internal CI Systems



Many organizations opt for a CI/CD architecture that combines SaaS-based source control management systems with a self-managed CI solution not exposed to the public Internet. In this talk, the presenters discuss a novel attack vector that allows anyone on the Internet to abuse repository webhooks to do much more than trigger pipelines, and show how they accessed hundreds of internal CI systems at scale.


Participants
Omer Gil

Speaker

Senior Research Manager, Prisma Cloud, Palo Alto Networks

Asaf Greenholts

Speaker

Senior Security Researcher, Prisma Cloud, Palo Alto Networks

