Rethinking CI/CD Pipeline Security - A Protected Resources Approach

Explore a critical Security BSides London conference talk that challenges conventional thinking about CI/CD pipeline security in the DevSecOps era. Learn how pipelines, which execute thousands of critical tasks daily for building, testing, and deploying code, can become potential security vulnerabilities despite integrated security tools and automation. Dive deep into the concept of Protected Resources and discover how this paradigm shift can enhance pipeline visibility, strengthen security protocols, and prevent potential attack vectors. Gain practical insights into improving observability, maintaining compliance, and implementing robust security measures for CI/CD systems. Master strategies for identifying pipeline interactions with various systems and resources while ensuring expected execution patterns and proper data handling in your DevSecOps environment.