Security in Continuous Delivery and Testing Your Deployment

In the previous chapters, we discussed what we should consider when architecting our CI/CD infrastructure and why velocity is important. When deploying our software, we often deal with lots of moving parts and privileges, all of which can be abused. Furthermore, the build process itself might be vulnerable to attacks.

In ancient times, CI/CD environments were often treated as second-class citizens. This means that they were not secured properly and that they were often not maintained properly. This was mainly because they were not considered as important as the production environment.

However, this has changed recently. In the last few years, there have been many attacks on CI/CD ...

Get Strategizing Continuous Delivery in the Cloud now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.