Welcome to our comprehensive collection of learning resources for CI/CD Security! Here, you'll discover a curated list of the best learning materials we've assembled just for you.

Take a moment to explore these valuable resources, handpicked to enhance your understanding of CI/CD Security. We strive to provide the most up-to-date and informative content available.

- Top 10 CI/CD Security Risks
- Continuous Delivery 3.0 Maturity Model (CD3M)
- Visualizing CI/CD from an attacker’s perspective
- The Anatomy of an Attack Against a Cloud Supply Pipeline
- When Supply-Chain Attacks Meet CI/CD Infrastructures
- CI/CD Supply Chain Attacks for Data Exfiltration or Cloud Account Takeover
- Detecting Malicious Activity in CI/CD Pipeline with Tracee
- Let’s Hack a Pipeline: Argument Injection
- Let’s Hack a Pipeline: Stealing Another Repo
- Let’s Hack a Pipeline: Shared Infrastructure
- Poorly Configured CI/CD Systems Can Be A Backdoor Into Your Infrastructure
- Assess Vulnerabilities and Misconfigurations in CICD Pipelines: Part 1
- Assess Vulnerabilities and Misconfigurations in CICD Pipelines: Part 2
- Defending software build pipelines from malicious attack
- Cloud Native Best Practices: Security Policies in CI/CD Pipelines
- Abusing GitLab Runners
- Securing GitLab CI pipelines with Sysbox
- GitLab - Security for self-managed runners
- Critical GitLab vulnerability could allow attackers to steal runner registration tokens
- Self-hosted runner security
- GitHub Action Runners Analyzing the Environment and Security in Action
- Github Actions Security Best Practices
- Automatically Secure Your CI/CD Pipelines Using Tracee GitHub Action
- Attacking Jenkins
- Reflections on trusting plugins: Backdooring Jenkins builds
- Securing Jenkins
- How to Secure Jenkins Pipelines without the hassle
- Challenges to Securing CI/CD Pipelines
- Attacking Development Pipelines For Actual Profit
- Exploiting Continuous Integration (CI) and Automated Build systems
- Continuous Intrusion: Why CI Tools Are An Attacker's Best Friends
- How to Build a Compromise Resilient CI/CD
- Argo CD Security Practices
- 10 real-world stories of how we’ve compromised CI/CD pipelines
- CI/CD pipeline attacks: A growing threat to enterprise security
- Poisoned pipelines: Security researcher explores attack methods in CI environments
- Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
- GitHub Actions being actively abused to mine cryptocurrency on GitHub servers
- Report: Software supply chain attacks increased 300% in 2021
- Critical vulnerability discovered in popular CI/CD framework
- Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments
- New Attacks on Kubernetes via Misconfigured Argo Workflows
- Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
- Ransomware attacks on GitHub, Bitbucket, and GitLab – what you should know
- Compromising CI/CD Pipelines with Leaked Credentials

If you have any additional resources or links that you believe would benefit others, please feel free to contribute. Our goal is to create a repository of the best learning materials, ensuring everyone has access to top-notch content.
We appreciate your visit to this repository. If you find our initiatives valuable, kindly star this repository to show your support.
Thank you once again, and happy learning!