Securing your CI/CD: an OIDC Tutorial
The article highlights the significance of securing CI/CD systems and offers three best practices. It introduces OpenID Connect (OIDC) as a means to employ short-lived tokens for improved security.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
CI CD
DevOps Speakeasy with Brett Smith
We caught up with Brett Smith, Software Architect at SAS. In his session, Supply Chain Robots, Electric Sheep, and SLSA Brett discusses creating automation, shifting left, attack vectors, attestation, verification, zero trust, and how the SLSA specification helps implement solutions for each. Most importantly, security must apply throughout a pipeline. The talk will lead to a larger discussion about the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
8 tips for securing your CI/CD pipeline with Snyk
Securing your CI/CD pipeline is critical to modern application security. So, we created a cheat sheet to make the process easier. In this post, we’ll cover using Snyk in your CI/CD pipelines to catch security issues quickly and empower your developers to fix them before they get to production.
How to strengthen security in your CI/CD pipeline
DevSecOps refers to the integration of security practices into DevOps process. With modern development cycles, you can't afford to leave security until the end. It should be baked in at every stage. Continuous integration, continuous delivery (CI/CD) security is a big part of the DevSecOps picture. It's critical that you secure your pipelines and that the automated systems used to implement CI/CD are not vulnerable to attack.
Building a security-conscious CI/CD pipeline
Continuous integration (CI) and continuous delivery (CD) has become a ubiquitous practice for DevOps teams. The CI/CD process focuses on building and deploying new applications or releasing updates to already-deployed workloads. As a result, most CI/CD efforts focus on enhancing development speeds. However, CI/CD practices can accomplish much more than enabling workload deployments.
Securing CI/CD pipelines with 1Password Service Accounts
Attention developers and DevOps teams! Today we’re excited to announce that 1Password Service Accounts are now generally available to all users. Whether you’re a growing startup, a thriving mid-size company, or a sprawling enterprise, service accounts offer a secure, automated way to access infrastructure secrets exactly where they’re needed.
Using 1Password Service Accounts with CircleCI and Docker
In this demo, see how you can secure your infrastructure secrets in 1Password then load them directly into CircleCI jobs to publish a Docker image using 1Password Service Accounts and CLI.
Using 1Password Service Accounts with CircleCI and PyPI
In this demo, see how you can secure your infrastructure secrets in 1Password then load them directly into CircleCI jobs to publish a Python package to PyPI using 1Password Service Accounts and CLI.
How to Secure Your CI/CD Pipelines with GitGuardian Honeytokens
Discover how honeytokens, digital decoys designed to detect unauthorized access, can strengthen the security of your CI/CD pipelines. In this guide, we offer step-by-step instructions for integrating them into popular pipelines like Jenkins, GitLab, and AWS CodePipeline.
The implications of adding SAST to your CI/CD pipeline
DevSecOps is all about better integrating security into the software development life cycle (SDLC). When combined with the desire to automate repetitive tasks, the inevitable conclusion is to put any repeatable testing tool into your app’s build pipeline. For any tooling that involves code analysis, it makes sense to sync up with existing testing workflows. That’s where CI comes in.