Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
Bleeping Computer

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. GitLab is a popular web-based ...
CSOonline

AI in CI/CD pipelines can be tricked into behaving badly

Malicious content in issues or pull requests can trick AI agents in CI/CD workflows into running privileged commands in an attack researchers nicknamed PromptPwnd. AI agents embedded in CI/CD ...
CSOonline

Securing CI/CD pipelines: 6 best practices

In May, GitLab reported tackling similar cryptomining attacks on its platform from attackers abusing “free minutes” (quota) allotted to new accounts. Because the very nature of CI/CD automation tools ...
SD Times

Are CI/CD pipelines bursting at the seams?

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...