このページは https://speakerdeck.com/rgbkrk/is-this-your-pipe-hijacking-the-build-pipeline の内容を掲載しています。
As developers of the web, we rely on tools to automate building code, run tests, and even deploy ...
As developers of the web, we rely on tools to automate building code, run tests, and even deploy services. What happens when we're too trusting of CI/CD pipelines? Credentials get exposed, hijacked, and re-purposed. We'll talk about how often and what happens when people leak public cloud credentials, how some are protecting themselves using encrypted secrets, how to bypass protections against leaking decrypted secrets and how to turn their Jenkins into your own butler.