How we Abused Repository Webhooks to Access Internal CI Systems at Scale


As adoption of CI systems and processes becomes more prevalent, organizations opt for a CI/CD architecture which combines SaaS-based source control management systems (like GitHub or GitLab) with an internal, self-hosted CI solution (e.g. Jenkins, TeamCity). Many organizations using such architectures allow these CI systems to receive webhook events from the SaaS source control vendors, for the simple purpose of triggering pipeline jobs.

Huge thanks to Yaron Avital, Tyler Welton and Daniel Kriv…
