LinkedIn

Your pipeline checks code for vulnerabilities. But rarely is anyone checking whether the pipeline itself is trustworthy. Here's what I would do.

I see this so often with clients, and have done for years now. They've usually got a 'good enough' pipeline setup: Terraform linting, Checkov running, maybe some SCA (software composition analysis) ...
SecurityWeek

GitLab Patches Code Execution, Information Disclosure Vulnerabilities

GitLab CE/EE security updates resolve 13 vulnerabilities, including high-severity code execution and information disclosure ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Cryptopolitan on MSN

Cordyceps flaws let anyone with a free GitHub account hijack CI/CD pipelines at Microsoft, Google, and Apache

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...
LinkedIn

Delivery Manager — CI/CD Tools, AWS, Docker, and Full-Stack Delivery

Purpose: Give a Delivery Manager a complete, internalised picture of how modern software gets built, tested, packaged, and shipped — across web and mobile — using CI/CD, AWS, Docker, and the ...