Home
Cloud
Cloud Security
Talks
Community
About Me

By Dharmesh Vaya in Cloud Security — Apr 28, 2023

CI/CD Security Risks

Here are some references around the Security aspects on CI/CD -

GitHub link to OWASP Top 10 Security Risks standards : https://github.com/cider-security-research/top-10-cicd-security-risks

PHP Compromise : https://github.com/cncf/tag-security/blob/main/supply-chain-security/compromises/2021/php.md

Travis CI Vulnerability : https://www.openraven.com/blog/analyzing-the-travis-ci-attack-and-exposure-of-developer-secrets

Poisoned Pipeline Execution (PPE) : https://medium.com/cider-sec/ppe-poisoned-pipeline-execution-34f4e8d0d4e9

StackOverflow breach : https://stackoverflow.blog/2021/01/25/a-deeper-dive-into-our-may-2019-security-incident/

Codecov breach : https://blog.gitguardian.com/codecov-supply-chain-breach/

Dependency Confusion : https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

Credential Hygiene in CI/CD : https://www.cidersecurity.io/blog/research/optimizing-ci-cd-credential-hygiene-a-comparison-of-ci-cd-solutions/

CI/CD Goat (A repo that allows you to setup a mock environment to try out different attacks on CI/CD made as a deliberately vulnerable environment) : https://github.com/cider-security-research/cicd-goat

Security on Google Cloud Platform : https://cloud.google.com/blog/topics/developers-practitioners/google-cloud-security-overview

Talk at Google Cloud Next 2022

Anthos 101

You might also like...

Top 10 AWS Security Services

Top 10 AWS Security Services

Here are the top 10 AWS security controls: 1. IAM (Identity and

Top 10 Cloud Security Vulnerabilities

Top 10 Cloud Security Vulnerabilities

Here are the top 10 cloud security vulnerabilities: 1. Misconfiguration. This is

Google Cloud Security Command Center (SCC)

Google Cloud Security Command Center (SCC)

Google Cloud Security Command Center: A Comprehensive Security Solution for Your Google

KloudZone © 2023

Dharmesh Vaya
KloudZone
@DRVaya

Powered by Ghost