Layered Defense-in-Depth Security for CI/CD Pipelines and Infrastructure - 林智偉 (Wayne Lin)
Welcome to the DevOpsDay Taipei 2024 collaborative notes
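Collaborative notes entry point: https://hackmd.io/@DevOpsDay/2024
On mobile, tap the button at the top to expand the agenda list.
》Session introduction
》Fill out the session satisfaction survey | Give feedback and suggestions to the hard-working speaker
CI/CD Pipeline team composition: RD & Infra & Security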
Governance
No Governance >> Infra >> Strict Governance
Why talk about security today?
10 real-world stories of how we’ve compromised CI/CD pipelines
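The two points most easily attacked: authentication and the CI/CD pipeline
The CI/CD pipeline holds privileges that are almost those of the machine itself, so compromising the pipeline is equivalent to compromising the machine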
Attacks
Reference :
Layers
source code, pipeline runtime, network
Before Deep Dive
Overall Framework
Error budget: overall, do I still have development time? SRE contributes an important concept: there must be a budget for handling errors
General Recommendations: Authentication & Access
Hardening IaC CI/CD
Hardening Application CI/CD
Very similar to Hardening IaC CI/CD
Open Source More Securely
Check whether the packages in use, and the packages they depend on, are secure
https://deps.dev/
SLSA and SBOM
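Control over the software production process, and the BOM: in manufacturing, the table that lists every part one by one with its detailed information is called a BOM. S = software.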
tags:
DevOpsDays Taipei 2024
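Collaborative notes chat room:
Guests from the special security investigation team... hmm, nobody.
Wherever there are people, there is ~ jianghu (rivalry and intrigue)
ZeroTrust was hot last year; this year it doesn't seem to be hot anymore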