all InfoSec news
CI/CD pipelines and the cloud: Are your development secrets at risk?
Malware Analysis, News and Indicators - Latest topics malware.news
Continuous integration/continuous delivery (CI/CD) is widely embraced by developers because of its ability to deliver code changes more frequently and reliably. Unfortunately, it can deliver those code changes insecurely. When coupled with command-line interfaces (CLIs) offered by cloud service providers, including Google, AWS, and Azure, CI/CD pipelines can pose a serious security threat.
Orca Security senior security researcher Roi Nisimi explained the threat in a blog post. It stems from how environment variables, which can contain secrets, are handled …
aws azure can cd pipelines cloud cloud service cloud service providers code command continuous continuous delivery continuous integration delivery developers development google integration line pipelines risk secrets service service providers