Let’s Hack a Pipeline: Stealing Another Repo

Source: devblogs.microsoft.com

Let’s Hack a Pipeline: Stealing Another Repo

Category: Security, Microsoft, artificial-intelligence

In this episode, we’ll look at how a malicious user could access source code they shouldn’t see. Welcome to Episode II: Stealing Another Repo.

And editing the pipeline means you can ask the Azure Pipelines system to do malicious things using its credentials.

Azure Pipelines can generate a token which only grants access to named repositories in Azure Repos.

Use the controls available in Azure Pipelines to prevent this attack.
Read Full Article On devblogs.microsoft.com
Achieve superior email deliverability with ToastMail! Our AI-driven tool warms up inboxes, monitors reputation, and ensures emails reach their intended destination. Sign up today for a spam-free future.

Related Articles

Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Remediating the October 2018 Git Security Vulnerability – Microsoft DevOps Blog
Microsoft Puts Upgrade Plan in DevOps Motion
Microsoft Puts Upgrade Plan in DevOps Motion
Getting started with Universal Packages – Microsoft DevOps Blog
Getting started with Universal Packages – Microsoft DevOps Blog
Community Partners
CrowdSec
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

Mailjet

Koho

Become a Partner?
DevOps Careers
    • Add a Job?