OIDC and CICD: Why Your CI Pipeline Is Your Greatest Security Threat

Monday, March 18, 2024 - 4:20 pm to 4:40 pm

Mark P Hahn, Qualys, and Ted Hahn, TCB Technologies

Abstract: 

Your CI/CD process is chock-full of credentials, and almost anyone in your company has access to it. Configuring your CI correctly is vital to supply-chain security. We discuss how to reduce that attack surface by enforcing proper branch permissions and using OIDC to reduce long-lived credentials and tie branches to roles.
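The "tie branches to roles" idea in the abstract is worth seeing as a concrete check. The following is an added example, not material from the talk or its speakers: it mirrors the decision a cloud provider's token service makes when a CI job presents an OIDC ID token to assume a role. It assumes GitHub Actions as the CI system (its issuer URL and the documented `repo:<org>/<repo>:ref:refs/heads/<branch>` and `repo:<org>/<repo>:pull_request` subject formats are real), an AWS-style `StringLike` wildcard condition for matching the `sub` claim, and that the token's signature has already been verified against the issuer's JWKS. The audience, repository and role names, and every token shown, are constructed for illustration.

```python
"""Added example: bind CI-issued OIDC tokens to deploy roles by branch.

Mirrors the check a cloud provider's token service performs when a CI job
presents an OIDC ID token to assume a role. Everything here is illustrative;
the JWT signature check against the issuer's JWKS is assumed to have happened
before these claims are trusted.
"""
from fnmatch import fnmatchcase

# The issuer is GitHub Actions' real one; the audience and repo/role names are
# assumptions made for this example.
ISSUER = "https://token.actions.githubusercontent.com"
AUDIENCE = "sts.amazonaws.com"
NOW = 1_700_000_000  # fixed clock so the example is deterministic

# Trust policy: role -> allowed `sub` patterns, with AWS StringLike semantics
# ('*' matches any run of characters, '?' one character). Production is pinned
# to the protected main branch, staging to release/* branches, nothing else.
TRUST_POLICY = {
    "prod-deploy": ["repo:acme/payments:ref:refs/heads/main"],
    "staging-deploy": ["repo:acme/payments:ref:refs/heads/release/*"],
}

# The tempting shortcut: one wildcard for the whole repository.
BROAD_POLICY = {"prod-deploy": ["repo:acme/payments:*"]}


def role_for_claims(claims, policy=TRUST_POLICY, now=NOW):
    """Return the role these verified claims may assume under `policy`, or None."""
    if claims.get("iss") != ISSUER:
        return None
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return None
    if claims.get("exp", 0) <= now:
        return None
    sub = claims.get("sub", "")
    for role, patterns in policy.items():
        if any(fnmatchcase(sub, p) for p in patterns):
            return role
    return None


def ci_claims(sub, **overrides):
    """Build a constructed (not real) claim set as a CI run would present it."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": sub, "exp": NOW + 300}
    claims.update(overrides)
    return claims


# Subjects in GitHub's documented format for branch pushes and pull requests.
MAIN_PUSH = ci_claims("repo:acme/payments:ref:refs/heads/main")
FEATURE_PUSH = ci_claims("repo:acme/payments:ref:refs/heads/feature/fast-path")
RELEASE_PUSH = ci_claims("repo:acme/payments:ref:refs/heads/release/2024.03")
PULL_REQUEST = ci_claims("repo:acme/payments:pull_request")
OTHER_REPO = ci_claims("repo:acme/website:ref:refs/heads/main")
WRONG_AUDIENCE = ci_claims("repo:acme/payments:ref:refs/heads/main", aud="other")
EXPIRED = ci_claims("repo:acme/payments:ref:refs/heads/main", exp=NOW - 1)


def decisions(policy=TRUST_POLICY):
    """Evaluate every constructed token against a policy: name -> role or None."""
    tokens = {
        "main_push": MAIN_PUSH, "feature_push": FEATURE_PUSH,
        "release_push": RELEASE_PUSH, "pull_request": PULL_REQUEST,
        "other_repo": OTHER_REPO, "wrong_audience": WRONG_AUDIENCE,
        "expired": EXPIRED,
    }
    return {name: role_for_claims(c, policy) for name, c in tokens.items()}


if __name__ == "__main__":
    for label, policy in (("strict", TRUST_POLICY), ("broad", BROAD_POLICY)):
        print(label)
        for name, role in decisions(policy).items():
            print(f"  {name:15} -> {role}")
```

Under the strict policy only the main-branch token reaches `prod-deploy` and only release branches reach `staging-deploy`; feature branches, pull-request runs, other repositories, a wrong audience and an expired token all get nothing. Under the broad wildcard, any pull-request run in the repository can assume the production role, because the `pull_request` subject carries no branch at all. In a real deployment the policy lives in the cloud provider (for AWS, a role trust policy conditioning on the `token.actions.githubusercontent.com:sub` claim) and the workflow must request `permissions: id-token: write`; and pinning the role to `main` only means something if `main` is itself protected, which is why the abstract pairs OIDC with branch permissions.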

Mark P Hahn, Qualys

Mark Hahn is Qualys's Solutions Architect for Cloud and DevOps Security. In this role he works with Qualys's clients to ensure that cloud applications and infrastructure are secure and reliable. Mark uses DevSecOps and Site Reliability Engineering practices to ensure that software and applications are deployed with high velocity and with the utmost security. He shows clients how to build security into software using agile methods in a cloud-native, distributed-systems world built for DevOps and rapid change.

Ted Hahn, TCB Technologies

Ted Hahn is an experienced Site Reliability Engineer, having worked at Google, Facebook and Uber, and most recently having been the primary SRE for Houseparty, maintaining an infrastructure that served thousands of QPS to millions of users at a company of fewer than 50 people. He is currently an independent consultant.

BibTeX
@conference {295015,
author = {Mark P Hahn and Ted Hahn},
title = {{OIDC} and {CICD}: Why Your {CI} Pipeline Is Your Greatest Security Threat},
year = {2024},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = mar
}
