|Organizers||Imran Mohammed A , Francois Raynaud Francois Raynaud|
|Participants||Arne Zismer , Franziska Buehler , Claudio Camerino Claudio Camerino , Mario Platt Mario Platt|
This Working Session will consider the securing of the CI Pipeline - A key element of DevOps.
Doing CI builds, testing, and deployments have many advantages when done correctly. Using libraries from 3rd parties in your build can be on compromised servers. Even signing your packages or artifacts automatically could result in you delivering compromised software to others.
- Identify best practice for DevOps and Developers
- Agree what to include in a cheat sheet for developers who use third party services
- Agree recommendations for 3rd party service providers (for example, provide warning messages of possible insecurities)
This Working Session will publish:
- A set of practices for DevOps and Developers
- Cheat sheet for developers who use third party services
- Recommendations for 3rd party service providers
- 3rd party service providers: Travis, SNYK, Codiscope, Gitlab, Node Security, ….
- Security professionals
- How to Secure a Continuous Integration Process
- DEF CON 22 - Kyle Kelley and Greg Anderson - Is This Your Pipe? Hijacking the Build Pipeline
Previous Summit Working Session
Register as participant
To register as participant add
Securing the CI Pipeline to either:
sessionsmetadata field from your participant's page (find your participant page and look for the edit link).
- or the
participantsmetadata field from this git session page
Back to list of all Working Sessions