Save 40% on Coursera Plus Annual

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How Insecure Defaults Led To Undetected Supply Chain Incident - A CI/CD Security Nightmare

OpenSSF via YouTube

Start learning Write review
OpenLearning Ad

Future-Proof Your Career: AI Manager Masterclass

Learn More → Boot.dev Ad

The Most Addictive Python and SQL Courses

Learn More →

Overview

Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn how insecure CI/CD pipeline defaults can create undetected supply chain vulnerabilities through a real-world security incident analysis. Explore the forensic investigation of a 2-year-old exposed token that enabled potential manipulation of public images and forced code signing credential revocation at an open-source company. Examine the detailed breakdown of what went wrong, including lack of artifact scanning, weak secret hygiene, and implicit trust in CI defaults. Discover practical security improvements including automated scanners, secret permissions management, and comprehensive security review processes. Gain insights into identifying and mitigating highly exploitable attack vectors that can remain hidden for years, helping prevent supply chain attacks before they occur.

Syllabus

How Insecure Defaults Led To Undetected Supply Chain Incident: A CI/CD Security Night... Vipul Gupta

Taught by

OpenSSF

Reviews

Start your review of How Insecure Defaults Led To Undetected Supply Chain Incident - A CI/CD Security Nightmare

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.