Cycode and AWS Collaborate on a 3-Part Series of Videos: Navigating the Complexities of Securing CI/CD Pipelines

user profile
Head of Security Research

In the fast-paced world of software development, organizations are under constant pressure to deliver new features and updates quickly and efficiently. One of the key tools in this effort is the CI/CD pipeline, which automates the software delivery process from code to cloud. However, as the speed of software delivery increases, so do the risks associated with security vulnerabilities and attacks.

To help organizations navigate these complexities, Cycode has collaborated with AWS on a 3-part series of videos that explore the key components of building a secure CI/CD pipeline. This series provides a comprehensive overview of the necessary steps to set up a CI/CD pipeline, the security risks that exist throughout the software development life cycle (SDLC), and the risks associated with vulnerable dependencies.

The first video in the series focuses on building a CI/CD pipeline using Github and AWS. This video provides a step-by-step guide to setting up the pipeline, including creating resources in an AWS account, setting up a repository, and configuring a CI/CD pipeline from code to cloud. The video makes it easy for organizations to quickly get up and running with this technology, even if they have limited technical expertise.

The second video in the series addresses the security risks that exist in each phase of the SDLC. The video covers the potential for malicious actors to gain access to sensitive data and code, or to launch attacks on applications and systems during the development and integration stages, as well as the delivery and deployment stages. This video provides best practices for mitigating these risks, so that organizations can deliver software updates with confidence.

The final video in the series focuses on the risk of vulnerable dependencies across the pipeline. The video provides a real-life example of how a vulnerable Log4j dependency could be exploited to breach the production environment. The video highlights the importance of keeping dependencies up-to-date and secure, and provides best practices for managing vulnerabilities in dependencies.

We invite you to join us as we explore the complexities of building a secure CI/CD pipeline in this 3-part series of videos. Whether you are just starting to build your pipeline or you are an experienced professional looking to enhance your security practices, these videos will provide you with the information you need to ensure the success of your CI/CD efforts. To make it super easy we’ve open-sourced a repository in GitHub where you can explore and experiment with the different items discussed in the streams.

So don’t wait – watch our collaboration with AWS on this exciting series of videos today!

Originally published: February 13, 2023