Cider Blog

Our Thoughts and Insights on Application Security

How we Abused Repository Webhooks to Access Internal CI Systems at Scale

As adoption of CI systems and processes becomes more prevalent, organizations opt for a CI/CD architecture which combines SaaS-based source control management...

Secret Diver — Searching for deeply hidden secrets

Docker images are composed of layers. These containers, even after modifications and updates, may have secrets...

Our dependencies are under attack, and this time we were lucky…

In the past few weeks, our world infrastructure has been under attack. The attack is very simple: Find a depen...

Visualizing CI/CD from an attacker’s perspective

CI/CD environments and processes are increasingly becoming a key area of focus for both hackers and — conseq...

NPM might be executing malicious code in your CI without your knowledge

The JavaScript ecosystem is highly reliant on dependencies. And all I wanted was a method to safely downl...

Optimizing your resilience against Log4Shell

Collection of actionable measures — across Prevention, Mitigation, Detection and assessment — for coping w...

Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems

I recently found a new method that allows secure code analysis mechanisms to be bypassed and even worse — ab...

Bypassing required reviews using GitHub Actions

A newly discovered security flaw in GitHub allows leveraging GitHub Actions to bypass the required reviews mec...
