Cider Blog

Our Thoughts and Insights on Application Security

How we Abused Repository Webhooks to Access Internal CI Systems at Scale

Huge thanks to Yaron Avital, Tyler Welton and Daniel Krivelevich for their contribution to this research. Intro As adoption of CI systems and processes becomes more...
OWASP Top 10 CI/CD Security Risks
Cider Security is excited to announce the “Top 10 CI/CD Security Risks” framework is now officially an OWA...
From Onboarding to Offboarding – Securing GitHub Apps Integration
GitHub officially recommends using GitHub Apps when integrating with GitHub, as they are easy to build and enj...
The Consequences of Inadequate Identity Management in your GitHub Organization
Identity and Access Management has always been a major area of concern and focus for organizations, across all...
Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
Introduction Attackers are always on the lookout to gain access to credentials, which are a critical asset to ...
The Heroku and Travis-CI credential compromise – Action items for defenders
This weekend, GitHub security announced that they are investigating malicious activity, which appears to indic...
CI/CD Goat – A deliberately vulnerable CI/CD environment
Today we are excited to announce the launch of “CI/CD Goat” – a deliberately vulnerable CI/CD enviro...
The Top 10 CI/CD Security Risks – Official Release
Today, we are proud to announce the release of the “Top 10 CI/CD Security Risks project” This extensive ef...
Why generating SBOM based on your code is far from enough
This isn’t yet another blog giving the SBOM 101. There is an abundance of those. This is a deep dive into th...
Exploiting Jenkins build authorization
TL;DR The default build authorization configuration in Jenkins — controlling the permissions allocated to pi...