Cider Blog

Our Thoughts and Insights on Application Security

CI/CD Goat – A deliberately vulnerable CI/CD environment

Today we are excited to announce the launch of “CI/CD Goat” – a deliberately vulnerable CI/CD environment which allows engineers, security practitioners,...

The Consequences of Inadequate Identity Management in your GitHub Organization

Identity and Access Management has always been a major area of concern and focus for organizations, across all...

Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions

Introduction Attackers are always on the lookout to gain access to credentials, which are a critical asset to ...

The Heroku and Travis-CI credential compromise – Action items for defenders

This weekend, GitHub security announced that they are investigating malicious activity, which appears to indic...

The Top 10 CI/CD Security Risks – Official Release

Today, we are proud to announce the release of the “Top 10 CI/CD Security Risks project” This extensive ef...

Why generating SBOM based on your code is far from enough

This isn’t yet another blog giving the SBOM 101. There is an abundance of those. This is a deep dive into th...

Exploiting Jenkins build authorization

TL;DR The default build authorization configuration in Jenkins — controlling the permissions allocated to pi...

PPE — Poisoned Pipeline Execution

Dev environments have become a major part of today’s attack surface. And within them, the most lucrative ass...

Secret Diver — Searching for deeply hidden secrets

Docker images are composed of layers. These containers, even after modifications and updates, may have secrets...

Our dependencies are under attack, and this time we were lucky…

In the past few weeks, our world infrastructure has been under attack. The attack is very simple: Find a depen...