Search Results

Documents authored by Oliveira, Vasco Manuel


Document
Vulnerability Detection Across Different CI/CD Platforms

Authors: Vasco Manuel Oliveira, Alberto Simões, and Pedro Rangel Henriques

Published in: OASIcs, Volume 135, 14th Symposium on Languages, Applications and Technologies (SLATE 2025)


Abstract
In recent years, more attention has been paid to the security of the software supply chain (SSC). While at first SSC was just seen as the dependency of other libraries, today SSC is broader, considering all the environment where a software application is developed, from the actors, hardware and auxiliary tools. This work focuses on a specific part of software supply chain security: the tools used for continuous integration and continuous deployment (CI/CD) and their vulnerabilities and risks. These tools are widely used by organizations to accelerate their software development, testing, and delivery, making any security issue present in these tools problematic for the organization. This is especially true given that most tools are open-source, making these tools the primary targets for exploits. We will present a quick introduction to SSCS and CI/CD and provide a practical solution to detect risks and vulnerabilities in CI/CD tools, emphasizing the modular approach, allowing the system to easily scale to detect new risks and vulnerabilities, as well as to support new CI/CD tools.

Cite as

Vasco Manuel Oliveira, Alberto Simões, and Pedro Rangel Henriques. Vulnerability Detection Across Different CI/CD Platforms. In 14th Symposium on Languages, Applications and Technologies (SLATE 2025). Open Access Series in Informatics (OASIcs), Volume 135, pp. 4:1-4:15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2025)


Copy BibTex To Clipboard

@InProceedings{oliveira_et_al:OASIcs.SLATE.2025.4,
  author =	{Oliveira, Vasco Manuel and Sim\~{o}es, Alberto and Henriques, Pedro Rangel},
  title =	{{Vulnerability Detection Across Different CI/CD Platforms}},
  booktitle =	{14th Symposium on Languages, Applications and Technologies (SLATE 2025)},
  pages =	{4:1--4:15},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-387-4},
  ISSN =	{2190-6807},
  year =	{2025},
  volume =	{135},
  editor =	{Baptista, Jorge and Barateiro, Jos\'{e}},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.SLATE.2025.4},
  URN =		{urn:nbn:de:0030-drops-236848},
  doi =		{10.4230/OASIcs.SLATE.2025.4},
  annote =	{Keywords: Software Supply Chain, Software Supply Chain Security, CI/CD Platforms}
}
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail