The CI/CD Damn Vulnerable Project: Learning Pipeline Security Through Magic

Fatin Sirat, Security Researcher

This talk introduces the CI/CD Damn Vulnerable Project — a deliberately insecure CI/CD environment designed for hands-on learning. Attendees will explore scenarios based on the Top 10 CI/CD Security Risks, such as Poisoned Pipeline Execution (PPE), Dependency Chain Abuse, and Pipeline-Based Access Controls. Each challenge includes a Harry Potter-themed twist to make the experience both educational and memorable.


Explore the conference agenda

Workshops
Thursday Track 1
Thursday Track 2
Register now!
Friday Track 1
Friday Track 2
Open Source Security Foundation
OWASP Foundation
Open regulatory compliance working group (ORCWG.ORG)

Register today!