Archive of stories published by Cider Security
Omer Gil
in
Cider Security
Oct 12, 2021
Bypassing required reviews using GitHub Actions
Not using GitHub Actions? You’re also vulnerable.
Omer Gil
in
Cider Security
Feb 8, 2022
PPE — Poisoned Pipeline Execution
Running malicious code in your CI, without access to your CI
Rotem Bar
in
Cider Security
Jan 3, 2022
NPM might be executing malicious code in your CI without your knowledge
Leon Goldberg
in
Cider Security
Jan 10, 2022
Visualizing CI/CD from an attacker’s perspective
Asi Greenholts
in
Cider Security
Feb 17, 2022
Exploiting Jenkins build authorization
Are you aware of the risks lurking in your default Jenkins…
Rotem Bar
in
Cider Security
Nov 3, 2021
Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems
What happens when SAST…
Rotem Bar
in
Cider Security
Nov 23, 2021
Our dependencies are under attack, and this time we were lucky…
How can we protect ourselves when our…
Rotem Bar
in
Cider Security
Jan 19, 2022
Secret Diver — Searching for deeply hidden secrets
Cider Security
in
Cider Security
Dec 13, 2021
Optimizing your resilience against Log4Shell
Collection of actionable measures — across Prevention, Mitigation, Detection and…
About
Cider Security
Blog posts from Cider Security’s R&D and leadership teams. Topics include: CI/CD Pipelines, DevOps, DevSecOps, Vulnerabilities, Cybersecurity, Entrepreneurship, and more.
Tags
Application Security
Dependency Injection
Security
Log4j
Log4shell
Ci Cd Pipeline
Open Source
Kubernetes
Docker
Secrets
Editors
Cider Security
Omer Gil
Rotem Bar
Daniel Krivelevich
Leon Goldberg
Writers
Rotem Bar
Omer Gil
Sharone Zitzman
Tomer
Shlomi Lavi
Yonatan Krieger
Leon Goldberg
Daniel Krivelevich
Asi Greenholts