Thursday
Room 2
10:20 - 11:20
(UTC+01)
Talk (60 min)
Is Your Approach to Pipeline Security Flawed? Rethinking CI/CD Security
With CI/CD pipelines driving modern DevSecOps, ensuring they do not become attack vectors is a concern shared across enterprises. This talk introduces a new perspective focused on provable CI/CD security, one that steers away from securing pipelines directly.
What exactly is a pipeline? What systems and resources does it interact with? And most importantly, how can we ensure that no pipeline becomes a pivot point for an attacker to compromise our most valuable systems? Can we be confident pipelines are running what we expect and providing the necessary evidence supporting engineering quality requirements?
These questions point to a (perhaps overlooked) concept: Protected Resources. In this talk, we will explore how shifting to a new mindset can promote visibility into pipelines, ensure adherence to security protocols, and prevent pipelines from becoming attack vectors. We'll delve into practical strategies to gain observability, improve compliance, and better secure your CI/CD system in the age of automation.
---
Session @ London BSides 2024: https://www.youtube.com/watch?v=DPof3FAh8U4&t=401s
Related blog posts:
- https://ytimyno.github.io/blog/cicd/protected_resources/
- https://ytimyno.github.io/blog/cicd/access_lifecycle/
- https://ytimyno.github.io/blog/cicd/execution_agents/
