Archive of stories published by Cider Security

Homepage

Open in app

All

Omer Gil in Cider Security

Oct 12, 2021

Bypassing required reviews using GitHub Actions

Not using GitHub Actions? You’re also vulnerable.

5 responses

Omer Gil in Cider Security

Feb 8, 2022

PPE — Poisoned Pipeline Execution

Exploiting Jenkins build authorization

Are you aware of the risks lurking in your default Jenkins…

Rotem Bar in Cider Security

Nov 3, 2021

Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems

What happens when SAST…

Rotem Bar in Cider Security

Nov 23, 2021

Our dependencies are under attack, and this time we were lucky…

How can we protect ourselves when our…

Rotem Bar in Cider Security

Jan 19, 2022

Secret Diver — Searching for deeply hidden secrets

Cider Security in Cider Security

Dec 13, 2021

Optimizing your resilience against Log4Shell

Collection of actionable measures — across Prevention, Mitigation, Detection and…

About

Cider Security

Blog posts from Cider Security’s R&D and leadership teams. Topics include: CI/CD Pipelines, DevOps, DevSecOps, Vulnerabilities, Cybersecurity, Entrepreneurship, and more.

More information

Bypassing required reviews using GitHub Actions

Not using GitHub Actions? You’re also vulnerable.

PPE — Poisoned Pipeline Execution

Running malicious code in your CI, without access to your CI

NPM might be executing malicious code in your CI without your knowledge

Visualizing CI/CD from an attacker’s perspective

Exploiting Jenkins build authorization

Are you aware of the risks lurking in your default Jenkins…

Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems

What happens when SAST…

Our dependencies are under attack, and this time we were lucky…

How can we protect ourselves when our…

Secret Diver — Searching for deeply hidden secrets

Optimizing your resilience against Log4Shell