4 CI Security Best Practices to Prevent Cloud-Native Supply Chain AttacksDate: Jun 22, 20229:00AM PDT (UTC-7) CI/CD
Join Us for a Complimentary Live Webinar
Sponsored by Bridgecrew by Prisma Cloud
CI/CD pipelines are the heartbeat of cloud-native supply chains. Developers and DevOps teams depend on them every day to test, integrate, and deliver software, but as they become more exposed to the outside world, they can introduce new complexities and weaknesses. And as the saying goes, chains are only as strong as their weakest link.
In this talk, we’ll explore the security challenges that come with extensible CI pipelines and how simple CI workflow misconfigurations can leave our supply chain wide open to attackers. Using known potential exploits for platforms such as GitHub Actions, GitLab Runner, and CircleCI as a backdrop, we provide tips for locking down your CI to prevent entry points for supply chain attacks.
Barak Schoster, Senior Director, Chief Architect at Bridgecrew, Palo Alto Networks
Based in Tel Aviv, Barak spends his time helping teams secure cloud infrastructure, contributing to open source projects, and talking about all things infrastructure. Previously, Barak was co-founder and CTO of Bridgecrew and is the creator of open source IaC scanning Checkov. Follow him at @BarakSchoster.