Paco Sanchez
I’m an SRE focused on Developer Productivity and Platform Engineering, with over 8 years of experience building tools that help developers work smarter. I pride myself on being highly pragmatic, always prioritizing solutions that balance efficiency and impact.
Oh, and fun fact: my right thumb is actually my toe. Yes, it’s as weird as it sounds, but I like to think I can give "Super Likes".
Sessions
Recent months have seen several supply chain attacks, such as the tj-actions incident. Is your CI/CD pipeline prepared to defend against them?
Pipelines have privileged access to your code, infrastructure, and secrets, making them a critical component of any modern software development lifecycle (SDLC).
In this talk, we will show practical strategies to secure your pipeline, covering both common vulnerabilities and lesser-known attack vectors. We will go beyond basic recommendations like pinning actions by SHA, and explore how misconfigured repositories can lead to remote code execution (RCE) simply by opening a pull request.
Attendees will leave with actionable steps and a deeper understanding of how to fortify their pipelines against real-world threats.