“Your build pipeline is a production system,” says Tom Duckering, lead consultant from Thoughtworks London. Tom gave the talk Securing the Pipeline together with Patrick Downey at XConf Hamburg.
Both Tom and Pat identify themselves as infrastructure automation guys and gave me a short insight into the dangers that could come out of your continuous delivery pipeline when it is not sufficiently secured.
In this half-hour interview, we first introduce the threats coming out of the pipeline. We establish the continuous delivery pipeline as a production system - because it will create what is in production. We also give an example of how easy it can be to get root access with an anonymous user, and of course we discuss strategies to make a pipeline secure enough for the attack trees a customer might face.