Wednesday

Room 2

10:20 - 11:20 (UTC+02)

Talk (60 min)

Protect yourself against supply chain attacks through your pipeline

Attacks against your pipelines are more and more common these days. We'll go over the attack vectors you need to be aware of and how someone could potentially misuse a simple setting to hijack your environment, with very large consequences.

From breaking out of your shell scripts in the CI/CD pipeline, to misusing typos in third-party packages, or even squatting your internal package names on a public repository: there are lots of ways to get into your pipeline!

Rob Bos

Rob has a strong focus on ALM and DevOps, automating manual tasks and helping teams deliver value to the end-user faster, using DevOps techniques. Rob applies this to anything he comes across, whether it’s an application, infrastructure, serverless or training environments. Additionally, Rob focuses on the management of production environments, including dashboarding and usage statistics, both for product owners and stakeholders and as part of the feedback loop to the developers. A lot of focus goes to GitHub and GitHub Actions, improving the security of applications and DevOps pipelines.