Skip to content

How to build a tamper-evident CI/CD system

Photo of
Hosted By
Adarsh S.


6:30pm - Doors open
6:30-7:00pm - Social
7:00-7:45pm - Talk by Trishank Kuppusamy from Datadog followed by Q&A
7:45-8:30pm - Social / Wrap Up

Thanks to StackOverflow for sponsoring Food/Drinks & venue.

Title: How to build a tamper-evident CI/CD system

CI/CD is critical to any DevOps operation today, but when attackers
compromise it, they get to distribute malicious software to millions of
unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry’s first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto secure your own pipeline.

Trishank Karthik Kuppusamy is a security engineer at Datadog, Inc. Previously, he led the research and development of The Update Framework (TUF) and Uptane at the NYU Tandon School of Engineering. He is also a member of the IEEE-ISTO Uptane standardization alliance, and an Editor of in-toto Enhancements.


If you or anyone you know is interested in speaking please submit your talk here:
Stack Overflow, Inc.
110 William St, 28th floor · New York, NY
Google map of the user's next upcoming event's location