Topic

devsecops

Activities

1

tagged

Activity Trend

2 peak/qtr

2020-Q1 2026-Q1

Top Events

Java User Group Xmas-Edition - JUG x IBM | Talks & Drinks 1 Identifying vulnerabilities in public Kubernetes Helm charts 1 Accelerating AppSec: Comprehensive DevSecOps with GitHub GHAS, Copilot & Coveros 1 3# DevSecOps in Azure + GitHub 1 Accelerating AppSec: Comprehensive DevSecOps with GitHub GHAS, Copilot & Coveros 1

Top Speakers

Elli Shlomo (Microsoft) 1 Nigel Douglas (Cloudsmith) 1

Activities

Showing filtered results

All Video Podcast Book

Filtering by: Nigel Douglas ×

Securing Helm charts in public repositories

2025-05-20 · Identifying vulnerabilities in public Kubernetes Helm charts

talk

by Nigel Douglas (Cloudsmith)

Kubernetes chart integrity dependency vulnerabilities helm rbac supply chain security

30-minute talk on the evolving threat landscape around Helm charts in public repositories. We’ll discuss real-world incidents such as the Codecov supply chain attack and hypothetical attack vectors like 'ChartSploit', highlighting how seemingly benign configurations can be exploited. Topics include anatomy of vulnerable charts, risk areas (RBAC misconfigurations, dependency vulnerabilities), and actionable strategies to secure Kubernetes environments—auditing deployments, verifying chart integrity, enforcing strict access controls, and adopting DevSecOps practices.