CICD security: A new eldorado (talk) presented at BSides Las Vegas 2022

by Remi Escourrou, Xavier Sebaux

Tags: Ground Floor

Summary: CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams, and with the rise of solutions such as Infrastructure as Code, the sensitivity level of such pipelines is escalating. In case of compromise, it is not just the applications that are at risk but the underlying systems themselves, and sometimes the whole information system. Attackers are beginning to exploit those weaknesses both for supply chain attacks and to escalate their privileges within the victim IS.