Day 20

DevSecOps Advent of Frostlings

Learning Objectives

• Learn about poisoned pipeline execution.

• Understand how to secure CI/CD pipelines.

• Get an introduction to secure software development lifecycles (SSDLC) & DevSecOps.

• Learn about CI/CD best practices.

This room is again a very straightforward one with all commands and instructions already given. We just need to follow along and run them.

What is the handle of the developer responsible for the merge changes? 
[REDACTED]

This can be found under merge requests

What port is the defaced calendar site server running on?
[REDACTED]

This can be found after looking at the docker command run in the config file

What server is the malicious server running on?
[REDACTED]

This can be found after looking at the docker command run in the config file

What message did the Frostlings leave on the defaced site?
[REDACTED]

This can be found upon visiting the defaced website

What is the commit ID of the original code for the Advent Calendar site?
[REDACTED]

Look at the last known commit by a good actor and you will find  the commit ID