I presented at SecTalks Hobart on the security risks inherent in workflow orchestration platforms and CI/CD systems.
Talk Overview
Workflow orchestration tools (GitHub Actions, GitLab CI, Jenkins, Airflow, etc.) are critical infrastructure, but their complexity creates significant attack surface.
Topics Covered
- Supply Chain Attacks: Malicious actions/plugins and dependency confusion
- Secrets Management: Common pitfalls in handling credentials and API keys
- Privilege Escalation: From workflow execution to infrastructure access
- Lateral Movement: How compromised pipelines can spread across environments
Key Takeaways
- Default configurations often prioritize convenience over security
- Least-privilege principles are critical but rarely implemented
- Monitoring and auditing workflow execution is essential
- Third-party actions/plugins require the same scrutiny as any dependency
Event: SecTalks Hobart community meetup - a vendor-neutral, non-commercial security gathering focused on hands-on learning and knowledge sharing.