February 18, 2023
InfosecGirls Session - 18th February, 2023
Topic: Secure software supply chain — dependency scanning, SBOM basics, and what changed in attacker patterns for CI/CD pipelines.
Summary
- Dependency and container image scanning in PRs vs periodic audits.
- SBOM 101: why inventory matters for incident response and licence risk.
- CI/CD hardening: branch protections, signed commits, and secret scanning.
- Recent attacker patterns: poisoned packages, typosquatting, and pipeline credential theft.