Intelligent CIO APAC Issue 40 | Page 21

LATEST INTELLIGENCE

rise in the amount, frequency and magnitude of incidents and attack vectors focusing on abusing flaws in the CI/CD ecosystem, including:
• The compromise of the SolarWinds build system, used to spread malware to 18,000 customers.
• The Codecov breach, which led to the exfiltration of secrets stored within environment variables in thousands of build pipelines across numerous enterprises.
• The PHP breach, resulting in the publication of a malicious version of PHP containing a backdoor.
• The Dependency Confusion flaw, which affected dozens of giant enterprises and abuses flaws in the way external dependencies are fetched to run malicious code on developer workstations and build environments.
• The compromises of the ua-parser-js, coa and rc NPM packages, with millions of weekly downloads each, resulting in malicious code running on millions of build environments and developer workstations.
While attackers have adapted their techniques to the new realities of CI/CD, most defenders are still early in their efforts to find the right ways to detect, understand and manage the risks associated with these environments. Seeking the right balance between optimal security and engineering velocity, security teams are in search of the most effective security controls that will allow engineering to remain agile without compromising on security.