Protect Yourself Against Supply Chain Attacks – Rob Bos – NDC Security 2022
Attacks against your pipelines are more and more common these days. We’ll go over the attack vectors you need to be aware of and how someone could potentially misuse a simple setting to hijack your environment, with very large consequences.
From breaking out of your shell scripts in the CI/CD pipeline, to misusing typos in third-party packages, or even squatting your internal package names on a public repository: there are lots of ways to get into your pipeline!