Locking Down GitFlow with GitHub, GitLab, and Azure DevOps

  • Thursday, 06 May 2021 11:59AM EST (06 May 2021 15:59 UTC)
  • Speaker: Eric Johnson

As cloud, security, and operations teams move to DevOps workflows, understanding GitFlow and how to harden version control systems is critical. In this webcast, SEC540 author and instructor will demonstrate how a GitLab version control misconfiguration can allow a CI/CD pipeline to be compromised and result in malware being deployed to the build server. We will then review the security controls available in the GitHub, GitLab, and Azure DevOps version control systems which could have prevented the attack.

Join us for Parts 2 and 3 of this Cloud Security & DevSecOps Series:

Part 2 with Ben Allen on Thurs May 13, Setting the Gold Standard - Using CI pipelines to create validated OS images

Part 3 with Frank Kim on Wed May 26, Cloud Static Analysis Showdown