Top Ways Hackers Abuse CI/CD Pipelines and Reach Production

How Bad Actors Target the Software Delivery Process

As organizations reduce their attack surfaces with tooling and best practices, bad actors are looking for new attack vectors so they can reach mission-critical systems. One increasingly popular attack vector involves targeting the software delivery process itself by abusing CI/CD pipelines to execute attacks such as malicious code injection. 

When you build and iterate on your CI/CD security strategy, it’s important to get inside the mind of an attacker who’s looking to gain access to your systems. 

So how do bad actors think about CI/CD pipeline-based attack paths?

Tune in to this webinar and learn from our CI/CD security expert, Omer Gil, as he walks through:

• The most common type of CI/CD-based attack — poisoned pipeline execution (PPE)

• How bad actors can bypass required pull request (PR) reviews

• Why bad actors prefer PPE attacks over traditional attack paths

• And more!