Episode 03 | Backstage Threat Model: Trust Boundaries, Plugin Risk, and Operator Controls
In this video, we work through the Backstage Threat Model with a production mindset: what Backstage assumes about trust, where the real boundaries are, and what you as an operator must explicitly control. The goal is to help DevOps and Platform Engineering teams reason about Backstage as an Internal Developer Platform component that runs with meaningful access to infrastructure, source control, and internal systems.

We will break down the trust levels (internal users, operators, builders, and external users) and how those assumptions change the way you design exposure, authentication, and authorization. This includes why Backstage should typically sit behind an authenticating proxy, what “signed-in users can do by default,” and when the permissions system becomes necessary for confidentiality and integrity in real organizations.

You will also learn where plugin isolation does not exist in typical deployments, especially around shared backend services and shared databases. We connect that to practical risk: plugin supply chain hygiene, dependency management for your Backstage repository, and how multi-service separation can reduce blast radius when you run Backstage on Kubernetes.

Finally, we cover high-impact operator configuration areas that commonly show up in security reviews: UrlReader allowlists and SSRF risk, authentication provider choices and identity spoofing scenarios, token behavior across backend plugins, and sensitive surfaces in the Catalog, Scaffolder, TechDocs, and Proxy. These topics tie directly to CI/CD, GitOps workflows, and developer experience, where Backstage often needs elevated integrations that must be constrained and audited.

#backstage #platformengineering #devops #cicd