Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore sophisticated supply chain attack techniques in this 27-minute conference talk that demonstrates how malicious maintainers can compromise GitHub releases without directly modifying application code. Learn about three distinct classes of attacks targeting CI/CD build pipelines, with five practical examples showing how to execute these attacks stealthily through minimal, inconspicuous changes to GitHub Actions workflows. Discover the security implications for cloud infrastructure deployment pipelines that rely on third-party releases, particularly terraform providers, while examining detection strategies and mitigation approaches to strengthen your own supply chain security. Gain insights from a red teamer's perspective on exploiting CI/CD vulnerabilities and understand the critical importance of scrutinizing open-source tool releases in your cloud security posture.
![CNCF [Cloud Native Computing Foundation]](https://www.classcentral.com/cdn-cgi/image/height=40,format=auto,quality=85/images/logos/institutions/cncf-cloud-native-computing-foundation-hz.png){kind=small}
