How to secure your Open Source Project – A quick guide for developers
Foreword: This blog is designed to provide developers with a practical, straightforward guide to secure their o...
Asi Greenholts
@TupleType
CI/CD Goat now supports GitLab in a brand new challenge
Exciting news – we’ve released a new version of our CI/CD Goat CTF platform, a deliberately vulner...
Yaron Avital
@yaronavital
OWASP Top 10 CI/CD Security Risks
Cider Security is excited to announce the “Top 10 CI/CD Security Risks” framework is now officially an OWA...
Daniel Krivelevich
@Dkrivelev
How we Abused Repository Webhooks to Access Internal CI Systems at Scale
Sep 20, 2022
16 mins read
Huge thanks to Yaron Avital, Tyler Welton and Daniel Krivelevich for their contribution to this research. Intr...
Asi Greenholts
@TupleType
From Onboarding to Offboarding – Securing GitHub Apps Integration
GitHub officially recommends using GitHub Apps when integrating with GitHub, as they are easy to build and enj...
Yaron Avital
@yaronavital
The Consequences of Inadequate Identity Management in your GitHub Organization
Jul 27, 2022
10 mins read
Identity and Access Management has always been a major area of concern and focus for organizations, across all...
Yaron Avital
@yaronavital
Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
Introduction: Attackers are always on the lookout to gain access to credentials, which are a critical asset to ...
Asi Greenholts
@TupleType
The Heroku and Travis-CI credential compromise – Action items for defenders
This weekend, GitHub security announced that they are investigating malicious activity, which appears to indic...
Daniel Krivelevich
@Dkrivelev
CI/CD Goat – A deliberately vulnerable CI/CD environment
Today we are excited to announce the launch of “CI/CD Goat” – a deliberately vulnerable CI/CD enviro...
Asi Greenholts
@TupleType