engleski

CI/CD TOOLSET SECURITY

Modern application development has redefined the way teams develop their solutions. Instead of using their workstations for building code, a lot of teams have resorted to using microservices for CI/CD systems. CI stands for continuous integration while CD denotes continuous delivery. Combined these two things mean that using a CI/CD system code goes into building and testing cycle as soon as the developer submits it. Since the whole system is inevitably complex, almost all the systems are using a combination of technologies to manage both the building and delivery part as well as underlying services that make building possible. In this space technologies such as Kubernetes or OpenShift are becoming a norm. From the security perspective this creates a whole new problem since such a system has to be deeply integrated into the core of the business network, and any potential threat to the CI/CD infrastructure is immediately a threat to the whole internal infrastructure. CI/CD tools need to have advanced privileges, they have to be able to access code repositories, user directories, complete development environments and even bare metal servers in order to optimize the delivery process. This means that attack surface in such a system is enormous and exploiting it means gaining access to large part of the business infrastructure. Securing such a heterogenous system is a big task and, in this paper, we address most important challenges

CI/CD ; Kubernetes ; Openshift ; Gitlab ; Jenkins ; ArgoCD

nije evidentirano