#37 - A conversation about securing the build pipeline with Adnan Khan, Lead Security Engineer at Praetorian
The Cybersecurity Defenders Podcast · Christopher
Audio is streamed directly from the publisher (podcast.wistia.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise Github configurations.
Organizations using GitHub Actions with self-hosted runners are at risk of attackers gaining an internal network foothold from the Internet if they compromise one developer’s personal GitHub access token. Key configuration adjustments can secure these pipelines and limit the damage from a breach.
Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted HitHub Runners
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.