Is your CI/CD Pipeline your Biggest Security Risk?

Sep 13, 2024

Mike Ruth, a Senior Staff Security Engineer at Rippling, discusses the hidden vulnerabilities in CI/CD pipelines during a live segment from BlackHat 2024. He reveals how tools like GitHub Actions and Terraform can pose serious security risks, such as bypassing code reviews and unauthorized command execution. Mike emphasizes the importance of granular access control and offers actionable strategies to mitigate these vulnerabilities, enhancing security in cloud environments and safeguarding against insider and external threats.

Ask episode

Chapters

Transcript

Episode notes

Intro

00:00 • 2min

Navigating Cloud Security in CI/CD Environments

02:26 • 10min

Securing CI/CD Pipelines with Terraform

12:09 • 14min

Personal Reflections and New Adventures

25:40 • 2min

Climbing Safety and Route Setting in Bouldering

27:54 • 2min