
Why Security Is Needed to Keep the CI/CD Pipeline Flowing Smoothly
Technology has advanced to a state where clients now expect a constant stream of updates for their software and applications. To fulfill this demand, developers commonly turn to what’s known as a CI/CD pipeline. As noted by Synopsys, this practice embraces two important software development concepts of today’s streamlined world:
- Continuous Integration (CI): The effort of software engineers to integrate their work together as much as possible. They often use automation tools that support building and testing, with the purpose of creating a software-defined lifecycle.
- Continuous Delivery (CD): The orchestration of software’s construction, configuration and packaging to allow a product’s release at any moment. CD relies on a balance of low cost and high automation to deliver software packages on a timely basis.
CI and CD coalesce to create a number of advantages for software developers. According to Code Dx, the CI/CD union injects agility into the software development process by enabling developers to build components, integrate their work and address errors incrementally, thereby avoiding lengthy delays at the end of the development process. This translates into faster deployment of the software. Additionally, by allowing developers to fix errors on an ongoing basis, CI/CD allows developers to create better apps by freeing up their time to focus on more important tasks like usability testing.
Security and the CI/CD Pipeline
A CI/CD pipeline constitutes a crucial bridge between the development organization and those consumers who use its products. This significance isn’t lost on digital attackers. They know that by gaining access to the CI/CD pipeline, they can corrupt the software delivery process and potentially pull off something resembling what happened to MeDoc in the case of NotPetya.
Such threats highlight the importance of applying security to the CI/CD pipeline. But that’s not exactly a straightforward process. Per
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/devops/security-ci-cd-pipeline-flowing/