A brief discussion of CI/CD plugins
Let’s talk about spooky things that can happen while using the GitHub Marketplace or the Visual Studio Marketplace for build pipeline extensions. Much has been written this year about supply chain attacks. In short, an attacker can gain access to a target by going after one of the target’s dependencies that is easier to compromise than the target itself. This is a simplification, but it captures what happened with the SolarWinds incident, NPM package namespace incidents, and earlier Maven-based attacks. ...