Securing Secrets in CI/CD Pipelines (new article)

We have a new article available for you that you may find interesting or important if you use CI/CD pipelines. As borne out by real-world incidents, it is easy to accidentally expose credentials/keys/certificates/tokens/etc. from CI/CD systems. This can lead to compromise of your software, data leaks, breaches, takeovers, privilege escalation, and more, and ultimately harm to your customers and brand.

We start by covering the current industry state with respect to security on CI/CD-handled secrets. Exploring the problem, we describe 11 different scenarios where secrets are used in CI/CD systems and the associated risks for each case. We also cover a range of steps to mitigate the risks in general and for specific scenarios.

This article is on the Secure by Design Education Hub: Securing Secrets in CI/CD Pipelines. You can use that link if you want to pass along the article to colleagues and your network.

As always, I welcome your thoughts and feedback.
