CI/CD pipelines are a highway to production for the services Cash App provides to its users. In the current fast and often automated environment, there are many potential attack surfaces through which the pipeline can be compromised, resulting in a security incident.
This talk will cover the approach used by the Cash App team to analyze the risk profile of their CI/CD pipelines, including the strategies applied for mitigating and preventing risks.