GitOps has revolutionized infrastructure and application management by using Git as the single source of truth. However, this approach comes with security challenges, especially around privilege escalation. In this session, we will explore the most common attacks targeting GitOps workflows, focusing on ArgoCD, and demonstrate how attackers can exploit misconfigurations. We'll also dive into practical strategies to secure your GitOps system, including repository protection, RBAC configuration, secret management, and policy enforcement using tools like OPA/Gatekeeper. Learn how to defend your pipelines and ensure a robust and secure GitOps environment.

This talk is essential for anyone leveraging GitOps practices and seeking to enhance their security posture in cloud-native ecosystems.