Webinar On Demand

4 CI Security Best Practices To Prevent Cloud-Native Supply Chain Attacks

Recorded June 22, 2022

View a Complimentary Webinar Sponsored by Bridgecrew by Prisma Cloud

CI/CD pipelines are the heartbeat of cloud-native supply chains. Developers and DevOps teams depend on them every day to test, integrate, and deliver software, but as they become more exposed to the outside world, they can introduce new complexities and weaknesses. And as the saying goes, chains are only as strong as their weakest link. 

In this talk, we’ll explore the security challenges that come with extensible CI pipelines and how simple CI workflow misconfigurations can leave our supply chain wide open to attackers. Using known potential exploits for platforms such as GitHub Actions, GitLab Runner, and CircleCI as a backdrop, we provide tips for locking down your CI to prevent entry points for supply chain attacks.

Barak Schoster

Chief Architect at Bridgecrew, Palo Alto Networks


Based in Tel Aviv, Barak spends his time helping teams secure cloud infrastructure, contributing to open source projects, and talking about all things infrastructure. Previously, Barak was co-founder and CTO of Bridgecrew and is the creator of open source IaC scanning Checkov. Follow him at @BarakSchoster.