FOR DEVELOPERS

CI/CD Pipeline Security Best Practices

Author

Bervianto Leo Pratama
Bervianto Leo Pratama is a software engineer and technical writer who loves to learn every day. He actively writes technical blogs. His blog is about Microservices, DevOps, and Developer Tools.

Frequently Asked Questions

What is security?

A condition that results from the establishment and maintenance of protective measures that enable an organization to perform its mission or critical functions despite risks posed by threats to its use of systems.

What are some security best practices in the CI/CD pipeline?

There are many best practices that we can follow, such as ensuring credentials are not in plain text, rotating secrets, validating inputs, using a secret manager, and using OpenID authentication when connecting to cloud services.

What is CI?

CI stands for continuous integration, which is a practice to continuously integrate code into an application.

What are the best practices for managing CI/CD secrets?

Secrets or credentials of CI/CD should not be in plain text but should be encrypted. A secret manager should be used to manage CI/CD secrets and rotate them.

What is CD?

CD is continuous deployment/continuous delivery. Continuous deployment is a practice of continuously deploying an application automatically to production. On the other hand, continuous delivery has an approval process before it is deployed automatically.

How do you provide security in the CI/CD pipeline?

For the CI pipeline, this can be done by encrypting secrets, using a secret manager, and using source code analysis. For the CD pipeline, this includes adding only the necessary files to the docker image and protecting the docker registry.

View more FAQs