Security of Public Continuous Integration Services

This presentation is part of the WikiSym + OpenSym 2013 program.

Volker Gruhn; Christoph Hannebauer; Christian John

Continuous Integration (CI) and Free, Libre and Open Source Software (FLOSS) are both associated with agile software development. Contradictingly, FLOSS projects have difficulties to use CI and software forges still lack support for CI. Two factors hamper widespread use of CI in FLOSS development: Cost of the computational resources and security risks of public CI services. Through security analysis of public CI services, this paper identifies possible attack vectors. To eliminate one class of attack vectors, the paper describes a concept that encapsulates a part of the CI system via virtualization. The concept is implemented as a proof of concept.

A PDF file will be made available on August 5, 2013, through the WikiSym + OpenSym 2013 conference proceedings.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.