From Onboarding to Offboarding – Securing GitHub Apps Integration
GitHub officially recommends using GitHub Apps when integrating with GitHub, as they are easy to build and enj...
Yaron Avital
@yaronavital
The Consequences of Inadequate Identity Management in your GitHub Organization
Jul 27, 2022
10 mins read
Identity and Access Management has always been a major area of concern and focus for organizations, across all...
Yaron Avital
@yaronavital
Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
Introduction Attackers are always on the lookout to gain access to credentials, which are a critical asset to ...
Asi Greenholts
@TupleType
The Heroku and Travis-CI credential compromise – Action items for defenders
This weekend, GitHub security announced that they are investigating malicious activity, which appears to indic...
Daniel Krivelevich
@Dkrivelev
CI/CD Goat – A deliberately vulnerable CI/CD environment
Today we are excited to announce the launch of “CI/CD Goat” – a deliberately vulnerable CI/CD enviro...
Asi Greenholts
@TupleType
The Top 10 CI/CD Security Risks – Official Release
Today, we are proud to announce the release of the “Top 10 CI/CD Security Risks project” This extensive ef...
Daniel Krivelevich
@Dkrivelev
Why generating SBOM based on your code is far from enough
Mar 14, 2022
16 mins read
This isn’t yet another blog giving the SBOM 101. There is an abundance of those. This is a deep dive into th...
Exploiting Jenkins build authorization
Feb 17, 2022
11 mins read
TL;DR
The default build authorization configuration in Jenkins — controlling the permissions allocated to pi...
Asi Greenholts
@TupleType
PPE — Poisoned Pipeline Execution
Feb 08, 2022
25 mins read
Dev environments have become a major part of today’s attack surface. And within them, the most lucrative ass...
