2026-02-02, 16:25–16:50, B.1.011
Recent months have seen several supply chain attacks, such as the tj-actions incident. Is your CI/CD pipeline prepared to defend against them?
Pipelines have privileged access to your code, infrastructure, and secrets, making them a critical component of any modern software development lifecycle (SDLC).
In this talk, we will show practical strategies to secure your pipeline, covering both common vulnerabilities and lesser-known attack vectors. We will go beyond basic recommendations like pinning actions by SHA, and explore how misconfigured repositories can lead to remote code execution (RCE) simply by opening a pull request.
Attendees will leave with actionable steps and a deeper understanding of how to fortify their pipelines against real-world threats.
Building Open Cloud Security at Prowler.
I started as a sysadmin, was a Site Reliability Engineer until a few years ago when I moved to the dark side... Security. I've been hooked on CTFs and anything with a scoreboard for a long time.
Starting the unicrons.cloud project to share knowledge about cloud security with the community.
I’m an SRE focused on Developer Productivity and Platform Engineering, with over 8 years of experience building tools that help developers work smarter. I pride myself on being highly pragmatic, always prioritizing solutions that balance efficiency and impact.
Oh, and fun fact: my right thumb is actually my toe. Yes, it’s as weird as it sounds, but I like to think I can give "Super Likes".