GitOops! Attacking and defending CI/CD pipelines.
As part of our ongoing quest to improve the status quo of CI/CD security, we present GitOops: a tool to map CI/CD attack paths in a GitHub organization.

As part of our ongoing quest to improve the status quo of CI/CD security, we present GitOops: a tool to map CI/CD attack paths in a GitHub organization.
Introduction In the computing world, blue green [https://martinfowler.com/bliki/BlueGreenDeployment.html] is an established model of deployment usually associated with software applications. The idea being you can run two versions of code side-by-side and switch traffic to a new version without…
Moving fast and making things. This post has two goals - to share the story of a quick tool we created to solve a problem, and share a template that can be adapted easily for any Slack bot slash command to run a Python script in AWS Lambda.
Dave ConnellA high level overview of the problems we found with our AWS account architecture and how we solved them
Dave ConnellA Shared Network Connecting cloud projects together and to on-prem services is a standard problem of organisations. At OVO we use the 10.0.0.0/8 CIDR block for our internal network. This range is split into subnets for each office, AWS or GCP project, or on-prem. When a new cloud project wants to j…
Daniel Flook