Security of Public Continuous Integration Services
Continuous Integration (CI) and Free, Libre and Open Source Software (FLOSS) are both associated with agile software development. Contradictingly, FLOSS projects have difficulties to use CI and software forges still lack support for CI. Two factors hamper widespread use of CI in FLOSS development: Cost of the computational resources and security risks of public CI services. Through security analysis of public CI services, this paper identifies possible attack vectors. To eliminate one class of attack vectors, the paper describes a concept that encapsulates a part of the CI system via virtualization. The concept is implemented as a proof of concept.