Modern CI/CD systems are fast, flexible, and increasingly under fire. Recent attacks like the compromise of the tj-actions/changed-files GitHub Action reveal how exposed secrets, unrestricted workflows, and unmonitored build activity create direct paths for supply chain compromise.
Join us for a tactical session on securing the most overlooked link in your software delivery process. We’ll break down the OWASP Top 10 CI/CD Security Risks—with real-world examples—and show you how to protect your pipelines where it counts.
You’ll learn how to:
Lock down service accounts and enforce least-privilege across tools
Secure your branches with strong protections and review gates
Detect misuse and threats in version control systems (VCS) and pipeline logs
Vet third-party CI/CD integrations before they introduce risk
This session is built for DevSecOps teams, platform engineers, and AppSec leaders looking to shift pipeline security left—without slowing down delivery.
As more organizations invest in secure SDLC and code scanning, attackers are shifting to what comes after the merge. If your CI/CD workflows are still a blind spot, this session will help you close it—before your pipeline becomes your weakest link.