Understanding Attack Surfaces in CI/CD Pipelines

CI/CD pipelines are a highway to production for the services Cash App provides to its users. In the current fast and often automated environment, there are a lot of potential attack surfaces which can compromise the pipeline and result in a security incident.

This talk will cover the approach used by the Cash App team to analyze the risk profile of their CI/CD pipelines, including the strategies applied for mitigating and preventing risks.