The Top 10 CI/CD Security Risks and CI/CD Goat - Daniel Krivelevich - ASW #220
Security Weekly Podcast Network (Video) · Security Weekly Productions
Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Cider Security's recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- "CI/CD Goat". Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.
Segment Resources:
- https://www.cidersecurity.io/top-10-cicd-security-risks/
- https://github.com/cider-security-research/top-10-cicd-security-risks
- https://www.cidersecurity.io/blog/research/ci-cd-goat/
- https://github.com/cider-security-research/cicd-goat
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw220