CODE BLUE 2025 Program

Introduction to CICDGuard - Orchestrating visibility and security of CICD ecosystem

DAY 2

10:00-10:40

CICDGuard is a graph-based CI/CD ecosystem visualizer and security analyzer. It:

      1. Represents the entire CI/CD ecosystem in graph form, providing intuitive visibility and solving the awareness problem
      2. Identifies common security flaws across the supported technologies and recommends industry best practices for each identified flaw, aligned with the OWASP Top 10 CI/CD Security Risks
      3. Identifies the relationships between different technologies and demonstrates how a vulnerability in one component can affect one or more other technologies
      4. Technologies supported: GitHub, GitHub Actions, Jenkins, JFrog, Spinnaker, Drone

CI/CD platforms are an integral part of the software supply chain, and they process a great deal of sensitive data (source code, credentials, build artifacts); a compromise of the pipeline can therefore affect the entire organization. One of the challenges with security of CI/CD, as in most areas of security, is the lack of visibility into what actually makes up a CI/CD ecosystem. Security starts with being aware of what needs to be secured.
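To make the three ideas in the abstract concrete (ecosystem as a graph, per-technology flaw checks mapped to the OWASP Top 10 CI/CD Security Risks, and the downstream impact of one weak component), here is a small, self-contained illustration. It is added for this page and is not CICDGuard's code or data model: the node kinds, edge names, the sample ecosystem, the two checks and the mapping of each finding to a CICD-SEC identifier are all this example's own assumptions. Each finding is reported together with its blast radius, the set of components reachable downstream of the flawed node.

```python
"""Toy CI/CD ecosystem graph: flaw checks plus downstream blast radius.

Illustrative example only (not CICDGuard). Node kinds, edge relations,
the sample ecosystem and the risk mapping are assumptions made here.
"""
import re
from collections import deque
from dataclasses import dataclass, field

SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # a full commit SHA, the only immutable action ref


@dataclass
class Node:
    id: str
    kind: str                      # e.g. github_repo, gha_workflow, jenkins_job, jfrog_repo, spinnaker_pipeline
    config: dict = field(default_factory=dict)


class CICDGraph:
    """Directed graph: an edge src -> dst means dst consumes what src produces."""

    def __init__(self) -> None:
        self.nodes: dict[str, Node] = {}
        self.edges: dict[str, list[tuple[str, str]]] = {}

    def add_node(self, node: Node) -> None:
        self.nodes[node.id] = node
        self.edges.setdefault(node.id, [])

    def add_edge(self, src: str, dst: str, relation: str) -> None:
        self.edges[src].append((dst, relation))

    def downstream(self, start: str) -> set[str]:
        """BFS: every component that (transitively) trusts output of `start`."""
        seen, queue = set(), deque([start])
        while queue:
            cur = queue.popleft()
            for dst, _relation in self.edges.get(cur, []):
                if dst not in seen:
                    seen.add(dst)
                    queue.append(dst)
        return seen


def check_gha_workflow(node: Node) -> list[tuple[str, str]]:
    """Two common GitHub Actions flaws; config is the parsed workflow as a dict."""
    findings = []
    workflow = node.config
    triggers = workflow.get("on", {})
    steps = [s for job in workflow.get("jobs", {}).values() for s in job.get("steps", [])]
    for step in steps:
        ref = step.get("uses", "")
        if not ref:
            continue
        name, _, version = ref.partition("@")
        # Third-party action referenced by a mutable tag/branch: dependency chain abuse (our mapping)
        if not name.startswith("actions/") and not SHA_RE.match(version):
            findings.append(("CICD-SEC-3", f"third-party action {ref} is not pinned to a commit SHA"))
        # pull_request_target runs with repo secrets; checking out the PR head executes untrusted code
        if "pull_request_target" in triggers and name == "actions/checkout":
            checkout_ref = str((step.get("with") or {}).get("ref", ""))
            if "head" in checkout_ref:
                findings.append(("CICD-SEC-4", f"pull_request_target workflow checks out untrusted ref {checkout_ref}"))
    return findings


def check_jfrog_repo(node: Node) -> list[tuple[str, str]]:
    """Anonymous deploy permission on an artifact repository (our mapping to IAM risk)."""
    if "deploy" in node.config.get("anonymous_permissions", []):
        return [("CICD-SEC-2", "anonymous users may deploy artifacts")]
    return []


CHECKS = {"gha_workflow": check_gha_workflow, "jfrog_repo": check_jfrog_repo}


def analyze(graph: CICDGraph) -> list[dict]:
    """Run the per-kind checks and attach each finding's downstream blast radius."""
    results = []
    for node in graph.nodes.values():
        for risk, message in CHECKS.get(node.kind, lambda _n: [])(node):
            results.append({"node": node.id, "risk": risk, "message": message,
                            "blast_radius": sorted(graph.downstream(node.id))})
    return results


def build_sample_ecosystem() -> CICDGraph:
    """Constructed sample: repo -> workflow -> artifact repo -> deploy pipeline, plus a Jenkins job."""
    g = CICDGraph()
    g.add_node(Node("gh:acme/api", "github_repo"))
    g.add_node(Node("gha:acme/api/ci.yml", "gha_workflow", {
        "on": {"pull_request_target": {}},
        "jobs": {"build": {"steps": [
            {"uses": "actions/checkout@v4", "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
            {"uses": "someone/setup-tool@v1"},                 # mutable tag
            {"uses": "docker/login-action@" + "deadbeef" * 5},  # constructed 40-hex SHA, treated as pinned
        ]}}}))
    g.add_node(Node("jenkins:nightly-build", "jenkins_job"))
    g.add_node(Node("jfrog:docker-local", "jfrog_repo", {"anonymous_permissions": ["read", "deploy"]}))
    g.add_node(Node("spinnaker:api-prod-deploy", "spinnaker_pipeline"))
    g.add_edge("gh:acme/api", "gha:acme/api/ci.yml", "triggers")
    g.add_edge("gha:acme/api/ci.yml", "jfrog:docker-local", "publishes_to")
    g.add_edge("jenkins:nightly-build", "jfrog:docker-local", "publishes_to")
    g.add_edge("jfrog:docker-local", "spinnaker:api-prod-deploy", "deployed_by")
    return g


if __name__ == "__main__":
    for finding in analyze(build_sample_ecosystem()):
        print(f"[{finding['risk']}] {finding['node']}: {finding['message']} -> affects {finding['blast_radius']}")
```

The blast-radius column is the point of the graph view: the poisoned-pipeline finding on the workflow is not just a repository problem, because the same run publishes to the artifact repository that the production Spinnaker pipeline deploys from. A real analyzer would parse workflow YAML and query each platform's API instead of the inline dicts used here.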

  • Location: Track 3 (Room 3)
  • Category: Bluebox
Speakers

  • Pramod Rana (プラモド・ラナ)

    Pramod Rana is the author of the following open source projects:

        1) Omniscient - LetsMapYourNetwork: a graph-based asset management framework
        2) CICDGuard - Orchestrating visibility and security of CICD ecosystem
        3) vPrioritizer - Art of Risk Prioritization: a risk prioritization framework

    He has previously presented at Black Hat, DEF CON, nullcon, OWASP Global AppSec, HITB, AusCERT, ROOTCON, AppSec NZ, HackMiami, Hack In Paris and Insomni'hack. He is the OWASP Pune chapter lead.
    He leads the application security team at Netskope, with a primary focus on integrating security controls into the development process and providing security-testing-as-a-service to engineering teams.