Securing the CI Pipeline


Why

This Working Session will consider how to secure the CI pipeline, a key element of DevOps.

CI builds, testing, and deployments have many advantages when done correctly. However, libraries from 3rd parties used in your build can come from compromised servers. Even signing your packages or artifacts automatically could result in you delivering compromised software to others.

What

  • Identify best practice for DevOps and Developers
  • Agree what to include in a cheat sheet for developers who use third party services
  • Agree recommendations for 3rd party service providers (for example, provide warning messages of possible insecurities)

Outcomes

This Working Session will publish:

  • A set of practices for DevOps and Developers
  • Cheat sheet for developers who use third party services
  • Recommendations for 3rd party service providers

Who

  • DevSecOps (or SecDevOps), depending on DevSecOps vs SecDevOps.
  • 3rd party service providers: Travis, Snyk, Codiscope, GitLab, Node Security, …
  • Security professionals
  • Developers

References


Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions)

Content

…add content…

Related Working Session(s)


