Protect the Pipe! A Policy-based Approach for Securing CI/CD Pipelines - Shripad Nadgowda, IBM Research & Jim Bugwadia, Nirmata

Abstract

Modern applications are composed of hundreds of packages and delivered to production via automated CI/CD pipelines. With rapid delivery comes the growing risk of attacks, vulnerabilities, and misconfigurations. Protecting these critical assets requires policy-based controls for CI/CD pipeline composition, configurations and execution. In this session, Shripad and Jim will present a cloud-native security framework for Tekton pipelines using in-toto, Kyverno and sigstore. They will discuss the unique security challenges for CI/CD pipelines, and then demonstrate the use of open-source tools to attest and verify each pipeline resource and execution step using declarative policies.