
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Locking Down GitFlow with GitHub, GitLab, and Azure DevOps

  • Thursday, May 06, 2021 at 11:59 AM EST (2021-05-06 15:59:00 UTC)
  • Eric Johnson




As cloud, security, and operations teams move to DevOps workflows, understanding GitFlow and how to harden version control systems is critical. In this webcast, SEC540 author and instructor Eric Johnson will demonstrate how a GitLab version control misconfiguration can allow a CI/CD pipeline to be compromised and result in malware being deployed to the build server. We will then review the security controls available in the GitHub, GitLab, and Azure DevOps version control systems that could have prevented the attack.

Join us for Parts 2 and 3 of this Cloud Security & DevSecOps Series:

Part 2 with Ben Allen on Thurs May 13, Setting the Gold Standard - Using CI pipelines to create validated OS images

Part 3 with Frank Kim on Wed May 26, Cloud Static Analysis Showdown 

Speaker Bio

Eric Johnson

Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Public Cloud Security: AWS, Azure, and GCP, and the upcoming SEC584: Cloud Native Security: Defending Containers & Kubernetes. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys.
