this post was submitted on 07 Jul 2023

Security CPE


Video and audio media that count towards your CPE (Continuing Professional Education) requirements for GIAC, CISSP, CISM, CRISC, CCSP, CompTIA certs.

Mostly conference talks and podcasts.


founded 2 years ago

https://youtu.be/Rn9VuC0jQRQ

Our path to an open source, GitOps heaven has exposed new security challenges as our CI solutions are exposed to the outside world. The soft underbelly of our pipeline is as visible to willing contributors as it is to malicious subversives. In this talk, we’ll look at examples of known exploits to GitHub Actions workflows showing how simple bad practices can open our supply chain to attackers.

https://www.rsaconference.com/library/presentation/usa/2023/Pwning the CI GitHub Actions Edition
