Presentation Material
Abstract
In this talk, I will present how an organization can approach the visibility and thus security OF CICD ecosystem, some common attack areas - access controls, credentials hygiene, misconfiguration etc. & possible solutions. I will introduce CICDGuard - a graph based CICD ecosystem visualizer & security analyzer.
CICD platforms are an integral part of the overall software supply chain and it processes a lot of sensitive data, compromise of which can affect the entire organization. Security IN CICD is a well discussed topic, security OF CICD deserves the same attention.
One of the challenges with security OF CICD, like most areas of security, is the lack of visibility of what actually makes a CICD ecosystem. Security starts with being aware of what needs to be secure.
CICDGuard is a graph based CICD ecosystem visualizer and security analyzer, which
- Represents entire CICD ecosystem in graph form, providing intuitive visibility and solving the awareness problem
- Identifies common security flaws across supported technologies and provides industry best practices and guidelines for identified flaws
- Technologies supported - GitHub, GitHub Action, Jenkins, JFrog, Spinnaker, Drone