Source: devops.com
3 DevOps Security Best Practices Your Organization Can’t Afford To IgnoreCategory: Deployment, Software, Business, Database, Security, encryption, automation
By Alexey Klochay on June 11, 20201 CommentCI/CD pipelines are at the core of daily operations for many businesses today.
The more resources your pipelines have access to (secure secrets, proprietary code, databases, etc)., the more important it is to keep your CI/CD system secure.In this article, we talk about the different parts of DevOps security for CI/CD pipelines and highlight a number of ways to improve on these aspects.
Let’s take a deeper look at these categories and ways to address them.It is possible to use your CI/CD pipeline configuration to make security issues less likely to happen.First, safely store secrets that you use in your pipelines for connecting to databases and third-party services.
To ensure that none of your credentials become exposed to those who shouldn’t see them, you should never check these into your repository in plain text, even if the repository is private.Second, for sensitive files like code signing keys, I recommend adding an additional layer of isolation between your encrypted files and your repository for added security.
These two tools will also scan your Git history for traces of secrets that your team might have added to the repository in the past.Once your Git history is clear of secrets, you can proceed to the next level: making sure that your current revision doesn’t contain any vulnerable dependencies.Static Application Security Testing (SAST) techniques can look through the application in your commit and analyze its dependencies.
The more resources your pipelines have access to (secure secrets, proprietary code, databases, etc)., the more important it is to keep your CI/CD system secure.In this article, we talk about the different parts of DevOps security for CI/CD pipelines and highlight a number of ways to improve on these aspects.
Let’s take a deeper look at these categories and ways to address them.It is possible to use your CI/CD pipeline configuration to make security issues less likely to happen.First, safely store secrets that you use in your pipelines for connecting to databases and third-party services.
To ensure that none of your credentials become exposed to those who shouldn’t see them, you should never check these into your repository in plain text, even if the repository is private.Second, for sensitive files like code signing keys, I recommend adding an additional layer of isolation between your encrypted files and your repository for added security.
These two tools will also scan your Git history for traces of secrets that your team might have added to the repository in the past.Once your Git history is clear of secrets, you can proceed to the next level: making sure that your current revision doesn’t contain any vulnerable dependencies.Static Application Security Testing (SAST) techniques can look through the application in your commit and analyze its dependencies.
Related Articles
Community Partners
DevOps Careers