Pulumi ESC has unveiled a redesigned onboarding experience that simplifies the setup process for using it as an OpenID Connect (OIDC) provider. The automated setup allows users to connect with AWS, Azure, and Google Cloud seamlessly, enhancing security by eliminating hard-coded credentials and streamlining configuration management. This update aims to make the onboarding process smoother and more efficient for users.
Unit 42 researchers identified critical security risks in the implementation of OpenID Connect (OIDC) within CI/CD environments, revealing vulnerabilities that threat actors could exploit to access restricted resources. Key issues include misconfigured identity federation policies, reliance on user-controllable claim values, and the potential for poisoned pipeline execution. Organizations are urged to strengthen their OIDC configurations and security practices to mitigate these risks.
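
As an added illustration of the "misconfigured identity federation policies" risk summarized above (example code written for this page, not taken from the Unit 42 research or from Pulumi), the following audits an AWS IAM role trust policy that federates to an OIDC issuer and reports statements that never check the `aud` or `sub` claim, or that match `sub` with a wildcard. The issuer host `oidc.example.com`, the account ID, the `sub` value format and the finding names are constructed assumptions.

```python
ISSUER = "oidc.example.com"  # placeholder issuer host (assumption, not from the page)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, issuer=ISSUER):
    """Return (statement_index, finding) pairs for OIDC-federated Allow statements."""
    findings = []
    for idx, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action", [])):
            continue
        claims = {}
        # Collect positive conditions only; a negated operator does not pin a claim.
        for op, pairs in st.get("Condition", {}).items():
            if "not" in op.lower():
                continue
            for key, val in pairs.items():
                claims.setdefault(key.lower(), []).extend((op, v) for v in _as_list(val))
        sub = claims.get(f"{issuer}:sub".lower(), [])
        aud = claims.get(f"{issuer}:aud".lower(), [])
        if not aud:
            findings.append((idx, "aud-not-checked"))
        if not sub:
            findings.append((idx, "sub-not-checked"))
        for op, value in sub:
            # Wildcards are only pattern characters under *Like operators.
            if "like" in op.lower() and ("*" in value or "?" in value):
                findings.append((idx, f"sub-wildcard:{value}"))
    return findings

def _policy(condition):
    # Constructed sample trust policy; account ID and issuer are placeholders.
    stmt = {"Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

PINNED = _policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com",
                                   f"{ISSUER}:sub": "project:example-org/app:branch:main"}})
WILDCARD = _policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                    "StringLike": {f"{ISSUER}:sub": "project:*"}})
MISSING = _policy(None)

if __name__ == "__main__":
    for name, pol in [("pinned", PINNED), ("wildcard", WILDCARD), ("missing", MISSING)]:
        print(name, audit_trust_policy(pol))
```

A wildcard finding is a prompt for review rather than proof of a flaw: whether a pattern is too broad depends on which parts of the issuer's `sub` value a pipeline author can influence.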