Episode Synopsis
Key topics on Access Control Podcast: Episode 14 - Securing CI/CD and Supply Chain
- What is CI/CD? CI/CD stands for continuous integration, continuous deployment.
- With regard to software supply chain problems, as with other similar problems, there's always the question of how long we have known about something versus how long it has been happening.
- Continuous deployment is important for remediation because the length of time to push a deployment impacts the duration of exposure to a given security problem.
- The SolarWinds incident was caused by a compromised build server and involved sophisticated loading of a backdoor into the deployed Orion system.
- Prior to recent security incidents, traditional CI/CD security focused on image and artifact scanning. Securing tokens and build infrastructure has since become a key part of keeping CI/CD secure.
- As companies string together a large number of tools, it's important for them to ask: what is the security model we have here? We'll discuss this in detail in this episode.