latest

Workflows

Application code workflows
Infrastructure code workflows

Adversaries

External adversary
Internal adversary

Assets

CI server access control
Database
Production code
Source code management access control
Source code

Attack vectors

Authentication schemes
CI Server
Containers
K8s objects
Logs
Package registries
Repository hosting services
User accounts

Attacks

Poisoned pipeline execution
Supply chain attacks

Threats

Exposure of secrets
Insecure code
Insecure system configuration
Lateral movement
Usage of third party services

CI/CD threat model

CI/CD threat model
Green Team
Improbability Blog
About
Register

Logs

What is logged and can we gain access to some logs?

Previous Next

Unseen University, 2023, with a forest garden fostered by /ut7.

Read the Docs v: latest

Versions: latest

Downloads

On Read the Docs: Project Home; Builds