You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In this scientific presentation we will present the importance of security in a CI/CD-pipeline, with a focus on CD. We want to spread awareness of its attacks surfaces and security impacts. This will be based on the scientific paper: [Understanding Security Threats in Open-Source Software CI/CD Pipelines](https://ieeexplore-ieee-org.focus.lib.kth.se/stamp/stamp.jsp?tp=&arnumber=10061526).
**Relevance**
With the growing use of CI/CD-pipelines it is important to take security into consideration. With a lot of code existing on places such as GitHub the pipelines are available for most to see and the pipelines themselves being easier to access for the general public through actions such as pull requests, which can lack any strict authentication. Therefor, existing vulnerabilities could be exploited by attackers and lead to contaminated deployments among other things.
Even worse, people are not aware of the attack surface and its corresponding impacts, highlighting the importance of this area and why it is important for a good CD-pipeline.
