Securing the CI Pipeline


A key element of DevOps is securing the CI pipeline.

CI builds, testing and deployments have many advantages when done correctly. However, pulling third-party libraries into your build from servers that may be compromised, or signing your packages or artifacts automatically, could result in you delivering compromised software to others.

Potential outcomes

  • A set of practices for DevOps and Developers?
  • CheatSheet for developers who use third party services?
  • Recommendations for 3rd party service providers? (e.g. provide warning messages about possible insecurities?)

Who

  • DevSecOps (or SecDevOps), depending on DevSecOps vs SecDevOps.
  • 3rd party service providers: Travis, Snyk, Codiscope, GitLab, Node Security, …
  • Security professionals
  • Developers
