Enhancing Security For Your CI/CD Pipeline

The DevOps movement has been gaining notoriety in recent years for what appears to be the best thing that has happened to the traditional software development lifecycle. Whether this is the pinnacle of DevOps’ popularity has yet to be seen and only time will tell.Hidden in the noise are some valid questions:“How do we get started?”“What is the best approach?”“Where should we apply these processes/tools?”“Why is this better than our current process?”I will attempt to address some of these common questions in this article. It would take multi-volume tomes to provide sufficient coverage to the subject of DevOps best practices for all the different organizations in various stages/sizes/locales. But for the purposes of this article, the scope will be limited to born-in-the-cloud organizations and to the best practices of implementing a CI/CD pipeline, the design principles of a resilient and highly available production stack, and the foundation of security.Generally, born-in-the-cloud organizations tend to be more receptive to new technologies and methodologies as their resources are limited. Being mindful of the given business constraints, a pragmatic approach should be taken. Full end-to-end automation should still be the key driver in keeping organizations on track and eliminating the potential for human error.A Pragmatic...
Read more