Why is anyone still using #circleci? This latest breach has happened at least once before. With the big cloud vendors all having perfectly serviceable CI/CD tooling on their platforms, and with alternatives like Buildkite, which use your own infrastructure to run the agents, why on earth would you hand over your secrets like this?
https://newsletter.pragmaticengineer.com/p/circlecis-unnoticed-holiday-security
#circleci #CyberSecuriy #infosec #cicd #cicdsecurity
Today from the Wiz Academy - Managing Supply Chain risks in CI/CD Pipelines.
https://www.wiz.io/academy/managing-supply-chain-risks-in-ci-cd-pipelines
#cybersecurity #cloudsecurity #cicdsecurity #devsecops
OWASP Top 10 CI/CD Security Risks:
https://owasp.org/www-project-top-10-ci-cd-security-risks/
https://owasp.org/blog/2022/11/10/top-10-cicd
#devops #cicd #devsecops #DevOpsSecurity #infosec #cicdSecurity
#owasp