Placeholder for sharing the slide deck for Techorama: session link
Attacks against your pipelines are more and more common these days. We’ll go over the attack vectors you need to be aware of and how someone could misuse a simple setting to hijack your environment, with very large consequences. From breaking out of your shell scripts in the CI/CD pipeline, to misusing typos in third-party packages, or even squatting your internal package names on a public repository: there are lots of ways to get into your pipeline!