CISA guidance on securing CI/CD pipelines

What this episode covers

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of securing CI/CD environments, highlighting the risks associated with these systems and the best practices for mitigating vulnerabilities. They delve into specific threats, including insecure code and supply chain compromises, and emphasize the need for a collaborative approach between security professionals and developers to ensure secure software development practices. ---------------------------------------------------- YouTube Video Link:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠https://youtu.be/zQwFAN6PHrE ---------------------------------------------------- Documentation: https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd https://owasp.org/www-project-top-10-ci-cd-security-risks/ ---------------------------------------------------- Contact Us: Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com Bluesky: https://bsky.app/profile/bluesecuritypod.com LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod YouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Bluesky: https://bsky.app/profile/ajawzero.com LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠[email protected]⁠ ---------------------------------------------------- Adam Brewer Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠[email protected]

Share this episode

Similar Episodes

Ep 294. Deep Dive. Bedtime and the A.I., Privacy, and Security Weekly Update for the Week ending June 2nd., 2026

Jun 3, 2026 ·35m

Bedtime and the A.I., Privacy, and Security Weekly Update for the Week ending June 2nd., 2026

Jun 3, 2026 ·23m

Episode 293. Deep Dive. Movies, Music, and the AI, Privacy and Security Weekly Update for May 26th 2026

May 27, 2026 ·36m

Movies, Music, and the AI, Privacy, and Security Weekly Update for the Week ending May 26th, 2026

May 27, 2026 ·21m

EP 292. Deep Dive. Leaks and the AI, Privacy, Security Weekly Update for the Week Ending May 19th., 2026

May 20, 2026 ·47m

Leaks and the AI, Privacy, and Security Weekly Update for the Week Ending May 19th., 2026

May 20, 2026 ·19m

Similar Podcasts

Blue Light News Archive Blue Light News is an innovative new Internet radio show devoted to covering the news of Unicoi County in a unique and interesting way. The Wall Ronald W. Chapman II and Sean Weiss The Wall protects our republic by safeguarding our democratic processes, civil liberties, and national security through laws and institutions. Its role in protecting the republic involves balancing security concerns with humanitarian and legal considerations.With over 50 years of legal and government experience combined, Ron Chapman and Sean M. Weiss pull back the curtain on the US government, the U.S. Judicial System, and some of the most influential trials in history that continue to shape our nation today.Join every week for unfiltered conversations, in-depth analysis, and commentary from some of America’s boldest thought leaders.Be sure to follow the podcast on your favorite platform so you never miss a new episode. Kurt Vonnegut: Reporter on the Afterlife Fountainhead Transmedia, Inc. Could death be a quality? A place? Not an ending, but an occurrence that changes those it happens to?In Kurt Vonnegut: Reporter on the Afterlife, Vonnegut skips back and forth between life and the Afterlife as if the difference between them were rather slight. In light hearted interviews with Sir Issac Newton, Adolf Hitler, Isaac Asimov, Mary Wollstonecraft Shelley, William Shakespeare, Joan of Arc, and Kilgore Trout, among others - Vonnegut trips down “the blue tunnel to the pearly gates” in the guise of a roving reporter for public radio, all the while dodging the crotchety bureaucrat, Saint Peter.Kurt Vonnegut: Reporter on the Afterlife, began in 1999 as a series of 90 Second interludes for WNYC, New York City’s public radio station. It has evolved over the past 25 years through writing and rewriting, into a fiction podcast adventure series - available everywhere you listen to pods.This provocat Winnipeg Sports Talk Winnipeg Sports Talk Winnipeg Sports Talk with Andrew "Hustler" Paterson brings you the latest news, analysis and opinion on the local sports scene including Winnipeg Jets, the Winnipeg Blue Bombers, the major sports and of course betting & fantasy. Hosted on Acast. See acast.com/privacy for more information.

Frequently Asked Questions

How long is this episode of Blue Security?

This episode is 31 minutes long.

When was this Blue Security episode published?

This episode was published on February 11, 2025.

What is this episode about?

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of securing CI/CD environments, highlighting the risks associated with these systems and the best practices for mitigating vulnerabilities....

Can I download this Blue Security episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.