API Security Issue: 159

This article has been indexed from DZone Security Zone

This week, we have news of a highly critical vulnerability in GoCD, a common open-source CI/CD system, that allows attackers to hijack secrets of downstream supply chains. There is also an excellent article on the journey of Raiffeisen Bank International toward full lifecycle API security, another article on how API security is hindering application delivery, and a report by F5 on the continued API sprawl.

Vulnerability: Popular GoCD CI/CD Platform Vulnerability Disclosed

This week, SonarSource warned of a highly critical vulnerability in the common open-source CI/CD system, GoCD. The vulnerability could allow attackers to gain access to critical pipeline data, including secrets such as API tokens or credentials for downstream supply chain elements.
