
Build-Time Security: Securing Your CI/CD Pipeline

Issue link: https://resources.threatstack.com/i/1102021


Assuming that the system is functioning as the company has designed it, the ephemeral nature and shorter life spans have reduced their risk of compromise. However, it has not removed risk. There are still ways this system can be remotely compromised. Here's why: The underlying machine image (or container) is probably not changing per-run. If an attacker can work quickly enough, usually by leveraging automation, they can still steal sensitive information.

Conclusion

Teams that embrace DevOps and use CI/CD gain a huge competitive advantage in their ability to deliver value to customers quickly. And in recent years, more effort has been made to build security into the applications that go through that process — in effect, using a DevSecOps approach that weaves security throughout the entire software development lifecycle instead of just thinking about security at the last minute before deploying to production.

But less attention has been paid to the infrastructure that makes CD possible. Development time tools and environments may have different risks and pose different value to an attacker, but can still lead to devastating consequences if breached. Build environments are massive transit hubs for business value and should be secured with the same care as the software that passes through them and the production environments where they ultimately run.

About Threat Stack

Threat Stack enables DevOps and SecOps teams to innovate and scale securely by providing full-stack cloud security observability from the control plane to the application layer. Leveraging powerful insights from the industry's leading cloud-optimized intrusion defense platform, the Threat Stack Cloud Security Platform®, the Threat Stack Cloud SecOps Program℠ works directly with customers through a series of co-managed services to proactively reduce risk and improve cloud security posture with real-time alerts and trended threat intelligence.

With a powerful combination of technology and services, Threat Stack customers can efficiently detect security incidents, achieve compliance, and deploy containers securely.

Copyright © 2019, Threat Stack, Inc. All rights reserved.
