Techorama NL: Protect yourself against supply chain attacks
Placeholder for sharing the slide deck for Techorama: session link
Abstract:
Attacks against your pipelines are increasingly common. We’ll go over the attack vectors you need to be aware of and how someone could misuse a simple setting to hijack your environment, with very large consequences. From breaking out of your shell scripts in the CI/CD pipeline, to misusing typos in third-party packages, to squatting your internal package names on a public repository: there are lots of ways to get into your pipeline!
