Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CI CD

Securing Continuous Integration and Delivery Pipelines

Modern software development teams will have individual preferences about whether to use IDEs or which testing framework or coding convention to adopt. However, for teams that want to deliver high-quality software at a rapid pace, continuous integration and continuous delivery (CI/CD) is a must-have. Mature, high-performing dev teams lean heavily on their CI/CD pipeline. Because of this heavy dependence on CI/CD, ensuring the security of your CI/CD pipeline is incredibly important.

Cisco's CI/CD Pipeline Weaknesses:Hard-Coded Credentials & Misconfigurations Revealed

In recent weeks, reports have surfaced regarding a significant breach involving Cisco, exposing sensitive data from various organizations. This blog post delves into the details of the breach, the compromised data, the implicated companies, and the methods used by attackers to gain access to such critical information.

Exploring Best Practices and Modern Trends in CI/CD

Let’s start with statistics: continuous integration, deployment, and delivery is among the top IT investment priorities in 2023 and 2024. To be exact, according to GitLab’s 2024 Global DevSecOps report, it is on the 8th place (and security is the top priority!). However, it shouldn’t be surprising, as CI/CD practice brings a lot of benefits to IT teams – it helps to accelerate software delivery and detect vulnerabilities and bugs earlier.

Mission Possible: Securing Developer Access, CI/CD and Code (With Love)

Okay, so you’re a security leader at your enterprise – congratulations! It’s a big, challenging role, as you know too well. You or a colleague are likely responsible for securing the cloud and legacy apps that drive critical revenue and customer engagement for your organization. But it’s not just the apps you need to secure.

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.

Secure and Compliant CI/CD Pipelines with GitLab

In today’s fast-paced software development world, seamless, secure, and compliant CI/CD pipelines are critical for success. However, managing multiple tools and processes across development teams using traditional CI/CD solutions can lead to security vulnerabilities, compliance roadblocks, and hinder overall software delivery.

Managing Cybersecurity Risk from the CI/CD Pipeline to the Board Room

In this panel conversation with leaders in cybersecurity, get advice and insights into navigating between IT and Security teams with the advancement of “shift left” concepts as security increasingly moves to development teams and DevOps grows in importance. Further, hear tips and advice on educating Board Audit Committees and Executive Leaders on cloud trends and risk focus areas to maximize investment and focus on the risks that matter to the business.

Securing CI/CD Runners through eBPF

During the Open Security Summit 2024, Yahoo! Principal Security Engineer Mert Coskuner and Kondukto CEO & Co-Founder Cenk Kalpakoglu delved into the intriguing topic of securing CI Runners through eBPF agents. Although the title might seem unconventional, it reflects their creative approach to solving security challenges in continuous integration environments. With the rapid digital transformation of businesses, there has been an increasing focus on supply chain attacks and their impact on security.

Introducing kntrl: Enhancing CI/CD Security with eBPF

CI/CD pipelines are formed by a series of steps that automate the process of software delivery. They integrate the practices of Continuous Integration (CI) and Continuous Delivery (CD) along with the tools, platforms, and repositories that enable them. Their goal is to simplify, streamline and automate large parts of the software development process.