Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore sophisticated supply chain attack techniques in this 27-minute conference talk that demonstrates how malicious maintainers can compromise GitHub releases without directly modifying application code. Learn about three distinct classes of attacks targeting CI/CD build pipelines, with five practical examples showing how to execute these attacks stealthily through minimal, inconspicuous changes to GitHub Actions workflows. Discover the security implications for cloud infrastructure deployment pipelines that rely on third-party releases, particularly terraform providers, while examining detection strategies and mitigation approaches to strengthen your own supply chain security. Gain insights from a red teamer's perspective on exploiting CI/CD vulnerabilities and understand the critical importance of scrutinizing open-source tool releases in your cloud security posture.
![CNCF [Cloud Native Computing Foundation]](https://www.classcentral.com/cdn-cgi/image/height=40,format=auto,quality=85/images/logos/institutions/cncf-cloud-native-computing-foundation-hz.png){kind=small}
