Категории

Did you close this CI/CD Security Backdoor? Pull Requests!

Опубликовано: 06 Октябрь 2024
на канале: Julie Ng
1,841
88

Are you sure you've locked down your cloud workloads? You have RBAC to ensure developers cannot deploy directly to production. Have you configured RBAC for your repos and pipelines as well? But many still forget about Pull Requests. In this video, you will learn how Pull Requests work under the hood and we will walk through some pipelines. After this you'll never leave that security back door open again!

Pipeline Walkthrough Repo
https://github.com/azure/devops-gover...

00:00 Intro
00:38 Whiteboard - Cloud Security and Pull Requests
03:43 Whiteboard - How Pull Requests work?
08:52 Walkthrough - Example Pipelines
09:24 ProTip - Use Multiple Pipelines
10:17 Walkthrough - ci.yaml
11:16 Walkthrough - detect-drift.yaml
16:33 Walkthrough - cd.yaml
18:20 Summary

play_arrow
442
11

Mini Lamborghini Urus Unboxing | Off-roading | Diecast Model Car Off-roading

Mini Lamborghini Urus Unboxing | Off-roading | Diecast Model Car Off-roading

play_arrow
192
4

⚠️Hurry Up⚠️ MY HELLO KITTY CAFE CODES APRIL 2025 - ROBLOX MY HELLO KITTY CAFE CODES

⚠️Hurry Up⚠️ MY HELLO KITTY CAFE CODES APRIL 2025 - ROBLOX MY HELLO KITTY CAFE CODES
play_arrow
131
10

maa ne apne kismat me sukoon likhwana bhul gayi

maa ne apne kismat me sukoon likhwana bhul gayi

play_arrow
64
4

7 Free Keyword Research Tool for Blog Ranking in 2024 || SEO for Beginners || Get 20k Daily Traffic

7 Free Keyword Research Tool for Blog Ranking in 2024 || SEO for Beginners || Get 20k Daily Traffic
play_arrow
342
11

Legs Workout exercise at Home

Legs Workout exercise at Home

play_arrow
133
1

2p pushers amusement arcade Barry island treasure Island

2p pushers amusement arcade Barry island treasure Island
play_arrow
547
84

Бойовий командир

Бойовий командир

play_arrow
1,267
46

Лечение Со-зависимости - 45 @Всё о Наркомании и Алкоголизме Александр Касаткин ​

Лечение Со-зависимости - 45 @Всё о Наркомании и Алкоголизме Александр Касаткин ​
Похожие видео
play_arrow
Can AI help me deploy to Kubernetes?

Can AI help me deploy to Kubernetes?
play_arrow
Why you can't impersonate me on GitHub

Why you can't impersonate me on GitHub
play_arrow
How to do (chunked) cloud uploads

How to do (chunked) cloud uploads
play_arrow
Git Branching for Docker Image Promotion across Environments 🚀 - Live Coding Walkthrough

Git Branching for Docker Image Promotion across Environments 🚀 - Live Coding Walkthrough
play_arrow
YAML Pipelines Walkthrough - GitHub Actions & Workflows

YAML Pipelines Walkthrough - GitHub Actions & Workflows
play_arrow
Deploy Feature Branches to Kubernetes

Deploy Feature Branches to Kubernetes
play_arrow
Deploy from GitHub Actions without Passwords | Watch Me Work

Deploy from GitHub Actions without Passwords | Watch Me Work
play_arrow
Version and Automate ⚡️ Releases like a Pro - Walkthrough and Demo

Version and Automate ⚡️ Releases like a Pro - Walkthrough and Demo
play_arrow
Too much security? Locked myself out with Pull Requests

Too much security? Locked myself out with Pull Requests
play_arrow
Moving, Bad Luck in August and Ask Me Anything

Moving, Bad Luck in August and Ask Me Anything
play_arrow
How I Resolve Git Merge Conflicts with Rebasing (Abort!)

How I Resolve Git Merge Conflicts with Rebasing (Abort!)
play_arrow
Managing 3 Kubernetes Clusters with Terraform + Makefiles in 1 Repo

Managing 3 Kubernetes Clusters with Terraform + Makefiles in 1 Repo
play_arrow
(Simple?) Real World Azure Pipelines YAML Walkthrough

(Simple?) Real World Azure Pipelines YAML Walkthrough
play_arrow
Debugging and Fixing Terraform State - Watch Me Work

Debugging and Fixing Terraform State - Watch Me Work
play_arrow
DevOps in Real Life - what an Experienced Architect Looks for

DevOps in Real Life - what an Experienced Architect Looks for
play_arrow
Block User AAD Sign-In takes HOURS…to debug

Block User AAD Sign-In takes HOURS…to debug
play_arrow
Vlog #2 - Why you'll never see this on official Microsoft Channels

Vlog #2 - Why you'll never see this on official Microsoft Channels
play_arrow
Azure Pipelines - Service Connections and Requiring Human Approval for Deployment

Azure Pipelines - Service Connections and Requiring Human Approval for Deployment
play_arrow
Azure Pipelines - Service Connections in YAML and Naming Conventions

Azure Pipelines - Service Connections in YAML and Naming Conventions
play_arrow
Azure Pipelines - Sharing Service Connections / Credentials across Projects

Azure Pipelines - Sharing Service Connections / Credentials across Projects
play_arrow
Azure DevOps #1 Best Practice - Identity!

Azure DevOps #1 Best Practice - Identity!
play_arrow
Azure Pipelines Variables - Naming, Reuse and Secrets

Azure Pipelines Variables - Naming, Reuse and Secrets
play_arrow
Azure Pipelines - Use YAML not Classic UI

Azure Pipelines - Use YAML not Classic UI
play_arrow
Did you close this CI/CD Security Backdoor? Pull Requests!

Did you close this CI/CD Security Backdoor? Pull Requests!