Continuous Integration and Continuous Deployment (CI/CD) pipelines are the backbone of modern software development, enabling efficient and reliable application delivery. However, as these pipelines become more integral to our workflows, they also present significant security challenges. Without proper safeguards, vulnerabilities within CI/CD systems can serve as entry points for supply chain attacks and other exploits. This session delves into best practices for fortifying CI/CD pipelines, drawing on real-world incidents to illustrate common pitfalls and the tactics employed by malicious actors. Attendees will gain actionable insights to identify and address vulnerabilities, ensuring their CI/CD processes are both secure and resilient against emerging threats.

What you will learn

Identify common security risks inherent in CI/CD pipelines and learn strategies to mitigate them
To identify and rectify common misconfigurations in CI/CD tools and environments that can lead to security breaches
Understand the risks associated with third-party dependencies and the best practices to prevent exploitation