As an industry, we are using third party packages and building components for lots of things. In this supply chain, there are lots of places for vulnerabilities. They can then be used to attack your DevOps pipelines!

In this session, I will go over some common attack examples and show you a way to prevent them from happening. There are frameworks available in the industry that guide you through the process of becoming more mature in protecting not only your source code and application but also the packages you use and the pipelines you build them with. I'll demo some of GitHub's features that help preventing these types of attacks

Given at NDC Security in Oslo - April 2022