Summary: This is a summary of an article originally published by the source.
Automating project builds based on pull requests is something DevOps teams cannot avoid in CI/CD pipelines. When you set up automated builds (also called auto builds), you create a list of branches and tags that you want to build.
In this blog post, we will see how internal users with no access to build servers can harness automated build triggers to gain access to the build servers and infrastructure.
The build doesn't wait for a peer review, and this is where an internal user can harness this feature to their advantage.
Every time a build is invoked based on this container, it creates an avenue for the attacker to gain access to the build tool by initiating a connection to the attacker's machine.
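One way to close the gap described above is a gate that runs before the automated trigger and checks whether a pull request has been peer reviewed. The following is an added example, not code from the original article; the file patterns, the pull request fields and the three-way policy (`build`, `hold`, `restricted`) are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from posixpath import basename

# Assumed patterns for files that define what the build server executes.
BUILD_DEFINITION_PATTERNS = (
    "Dockerfile", "*.dockerfile", "docker-compose*.yml",
    "Jenkinsfile", ".gitlab-ci.yml", ".github/workflows/*",
)

def build_definition_changes(changed_files):
    """Return the changed paths that alter how or where the build runs."""
    hits = []
    for path in changed_files:
        if any(fnmatchcase(path, p) or fnmatchcase(basename(path), p)
               for p in BUILD_DEFINITION_PATTERNS):
            hits.append(path)
    return hits

def peer_approved(pr):
    """True only if someone other than the PR author approved it."""
    return any(a != pr["author"] for a in pr.get("approvals", []))

def gate(pr):
    """Decide what an automated trigger may do with this pull request.

    build      -> peer reviewed, run the normal pipeline
    hold       -> unreviewed change to a build definition, wait for review
    restricted -> unreviewed, run only without credentials (assumed policy)
    """
    if peer_approved(pr):
        return "build", []
    hits = build_definition_changes(pr["changed_files"])
    return ("hold", hits) if hits else ("restricted", [])

# Constructed sample pull requests, not taken from the article.
SAMPLE_PRS = [
    {"id": 1, "author": "dev-a", "approvals": [],
     "changed_files": ["ci/Dockerfile", "src/app.py"]},
    {"id": 2, "author": "dev-a", "approvals": ["dev-a"],
     "changed_files": [".github/workflows/build.yml"]},
    {"id": 3, "author": "dev-b", "approvals": ["dev-c"],
     "changed_files": ["Dockerfile"]},
    {"id": 4, "author": "dev-b", "approvals": [],
     "changed_files": ["src/util.py"]},
]

if __name__ == "__main__":
    for pr in SAMPLE_PRS:
        decision, files = gate(pr)
        print(pr["id"], decision, files)
```

A self-approval (sample 2) does not count as peer review, so a change to the build definition stays on hold until a second person signs off.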