CI/CD Pipeline Security
Recently I was tasked with building a CI/CD pipeline for a new project from scratch. This was great fun of course, but there were a huge number of security concerns that I had to deal with along the way.
In this session, we'll cover the essential steps in building secure pipelines - from making sure that keys and other secrets aren't leaked in plain text in logs, to ensuring nobody tampers with your Docker images, to evergreen dependency management. There's a surprising depth to this! You may be familiar with terms such as "principle of least privilege" - we'll go into how we can apply this when building, testing and deploying code through our delivery pipeline.
You will come out of this session with a better understanding of DevSecOps, gaining practical tips that you can use when building out your delivery pipelines back at work.
Presented At
- Developer! Developer! Developer! Day on December 12, 2020
- BSides Newcastle on September 4, 2020