Continuous Integration and Continuous Deployment (CI/CD)
tag: [Engineer/Developer, Security Specialist, Devops, SRE]
Continuous Integration and Continuous Deployment are there to ensure good code quality and create rapid and secure deployments. Some best practises are:
- Ensure every PR undergoes CI testing (e.g., GitHub Actions) that must pass before merging. CI tests should at least include unit tests, integration tests, and checks for known vulnerabilities in dependencies.
- The CI/CD pipeline should check for misconfigurations and leaked credentials.
- Produce deterministic builds with a strict set of dependencies and/or a build container that can reliably produce the same results on different machines.
- Integrate security scanning tools to detect vulnerabilities in code and dependencies during the CI process.
- Use isolated environments for building and testing to prevent contamination between different stages of the pipeline.
- Implement strict access controls for CI/CD pipelines to limit who can modify the pipeline configurations.