Category: Security, Microsoft, artificial-intelligence
In this episode, we’ll look at how a malicious user could access source code they shouldn’t see. Welcome to Episode II: Stealing Another Repo.
And editing the pipeline means you can ask the Azure Pipelines system to do malicious things using its credentials.
Azure Pipelines can generate a token which only grants access to named repositories in Azure Repos.
Use the controls available in Azure Pipelines to prevent this attack.