Is your CI/CD Pipeline your Biggest Security Risk?

Published: 01 January 1970
on channel: Cloud Security Podcast

How can CI/CD tools expose your code to security risks? In this episode, we’re joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from Black Hat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as engineers being able to bypass code reviews, modify configuration files, and run unauthorized commands in production environments.

Mike explains how the lack of granular access control in repositories and CI/CD configurations opens the door to serious security risks. He shares actionable insights on how to mitigate these issues by using best practices like GitHub Environments and Buildkite Clusters, along with potential solutions like static code analysis and granular push rule sets. This episode provides critical advice on how to better secure your CI/CD pipelines and protect your organization from insider threats and external attacks.

Questions asked:
00:00 Introductions
01:56 A word from episode sponsor - ThreatLocker
02:31 A bit about Mike Ruth
03:08 SDLC in 2024
08:05 Mitigating Challenges in SDLC
09:10 What is Buildkite?
10:11 Challenges observed with Buildkite
12:30 How Terraform works in the SDLC
15:41 Where to start with these CI/CD tools?
18:55 Threat Detection in CI/CD Pipelines
21:31 Building defensive libraries
23:58 Scaling solutions across multiple repositories
25:46 The Fun Questions

--------------------------------------------------------------------------------
📱Cloud Security Podcast Social Media📱
_____________________________________
🛜 Website: https://cloudsecuritypodcast.tv/
🧑🏾‍💻 Cloud Security Bootcamp - https://www.cloudsecuritybootcamp.com/
✉️ Cloud Security Newsletter - https://www.cloudsecuritynewsletter.com/
Twitter: /cloudsecpod
LinkedIn: /cloud-security-podcast

#cloudsecurity
