Cloud & CI/CD security Techspot

Doors open, registration starts

Register and get a snack before the talks begin.

Panel discussion: How AI tooling affects product security

We’ll explore how AI and security influence each other across the software development lifecycle:

1. AI for coding — how developers use AI to write applications and infrastructure code.

2. AI for security automation — how AI helps scan code for vulnerabilities and enforce security compliance.

3. AI in production — embedding AI-powered features into products and new security challenges that come with it.

‍

Breaking the CI/CD chain: security risks in GitHub Actions

A talk from an engineer at one of Israel’s leading cybersecurity companies about real cases of misconfigurations and exploits, including the recent tj-actions/changed-files issue.

Igor will show how third-party or transitive actions can open attack paths inside your pipeline.

He’ll also demo a new tool that maps and analyzes transitive dependencies between actions, helping teams understand their impact and reduce exposure.

See how security tools — from static analysis to runtime monitoring — fit together to protect CI/CD environments, and learn practical steps for securing your own workflows.

Networking break

Lots of pizza and beer coming! You just bring your appetite — for both food and conversation 🙂

DevOps gone rogue: hidden threats in CI pipelines

Michał will share an unusual take on supply-chain attacks and show what happens when these techniques combine with insider scenarios.

Learn how an attacker with developer-level repo access can abuse technical debt in CI/CD to gain control over production environments like Docker or Kubernetes while staying invisible to threat detection systems.

The talk focuses on the defensive perspective: we’ll look at realistic chains of misconfiguration and detection gaps and then cover practical mitigations you can apply immediately. 

Afterparty