Let’s Hack a Pipeline: Argument Injection

Source: devblogs.microsoft.com

Let’s Hack a Pipeline: Argument Injection

Category: Microsoft

In this series of posts, we’ll walk through some common security pitfalls when setting up Azure Pipelines. We don’t really want to get hacked, so we’ll also show off the mitigation.

The purpose of this series is to teach the problems, which we hope helps you avoid them in practice.

A better approach to securing a pipeline would be focusing on what resources the pipeline can access, who can run the pipeline and in what queue/pool. We can set access contorol on all sorts of things in the devops space including pools and secrets.
Read Full Article On devblogs.microsoft.com
Achieve superior email deliverability with ToastMail! Our AI-driven tool warms up inboxes, monitors reputation, and ensures emails reach their intended destination. Sign up today for a spam-free future.

Related Articles

Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Microsoft Puts Upgrade Plan in DevOps Motion
Microsoft Puts Upgrade Plan in DevOps Motion
Getting started with Universal Packages – Microsoft DevOps Blog
Getting started with Universal Packages – Microsoft DevOps Blog
Community Partners
CrowdSec
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

Namecheap

CloudWays

Become a Partner?
DevOps Careers
    • Add a Job?