Session Name: Things I’ve Learned on Supply Chain Security

CI workflows keep me up at night. I worry that a malicious actor will use the development pipeline to inject code into one of my repositories and leak assets such as secrets and source code, or perform unvetted modifications to the application. In this talk, we’ll look at some known bad practices on platforms such as GitHub Actions, GitLab CI, and Bitbucket Pipelines and how those mistakes can be prevented.

Speaker Bio:

Barak Schoster (@BarakSchoster) is a Sr Dir, Chief Architect at Palo Alto Networks, working to make cloud security and DevOps processes simpler.

Barak is an open-source enthusiast based in Tel Aviv, creator of the open-source projects Checkov, AirIAM, and TerraGoat, and a contributor to other open-source projects. Previously, Barak was the CTO and Co-Founder of Bridgecrew (acquired by Palo Alto Networks) and held various engineering and leadership roles at RSA, Fortscale, and IDF C4I & Cyber Security Directorate.