
Cider Security

Blog posts from Cider Security’s R&D and leadership teams. Topics include: CI/CD Pipelines, DevOps, DevSecOps, Vulnerabilities, Cybersecurity, Entrepreneurship, and more.

Exploiting Jenkins build authorization

Are you aware of the risks lurking in your default Jenkins configuration?
Asi Greenholts
Feb 17, 2022
PPE — Poisoned Pipeline Execution

Running malicious code in your CI, without access to your CI
Omer Gil
Feb 8, 2022
Secret Diver — Searching for deeply hidden secrets

We are glad to introduce Secret Diver, a tool that allows you to search inside Docker layers for secrets.
Rotem Bar
Jan 19, 2022
Visualizing CI/CD from an attacker’s perspective

Lessons learned and insight gained from a year of modeling and engineering CI/CD graphs
Leon Goldberg
Jan 10, 2022
NPM might be executing malicious code in your CI without your knowledge

How to tell if you are using NPM safely within your CI
Rotem Bar
Jan 3, 2022
Optimizing your resilience against Log4Shell

Collection of actionable measures — across Prevention, Mitigation, Detection and assessment — for coping with the Log4Shell chaos
Cider Security
Dec 13, 2021
Our dependencies are under attack, and this time we were lucky…

How can we protect ourselves when our world infrastructure is under attack?
Rotem Bar
Nov 23, 2021