menu

[Podcast] Securing the Pipeline

“Your build pipeline is a production system,” says Tom Duckering, lead consultant from ThoughtWorks London. Tom gave the talk Securing the Pipeline together with Patrick Downey at XConf Hamburg.

Both Tom and Pat identify themselves as infrastructure automation guys and gave me a short insight into the dangers that could come out of your continuous delivery pipeline when not sufficiently secured.

In this half- hour interview, we first introduce the threats coming out of the pipeline. We establish the continuous delivery pipeline as a production system - because it will create what is in production. We also give an example of how easy it can be to get root access with an anonymous user, and of course we discuss strategies to make a pipeline secure enough for the attack trees a customer might face.

Links mentioned in the show:

More episodes of the ThoughtWorks Podcast for technologists can be found at SoundCloud, iTunes, Stitcher, or via RSS.

HELP US GET BETTER!

We'd love to hear about your experience with our website and how you think we can improve.

Take a few minutes to tell us what you think of our website and how we can get better. Take PartNo thanks