Imagine you’re building ahouse.
The developer environment is thefoundation, the DevOps platform is theframing, and the application environment is thefinishing touches.
- If the foundation is not secure,the entire house could collapse.
- If the framing is not secure, thehouse could be easily brokeninto.
- If the finishing touches are notsecure, the house could bevulnerable to pests and otherdamage.
Common pipelineattack vectors
- Runtime variables and argumentinjection
- Service principals or credentialsretrieval
- Misconfigured personal accesstoken
- Vulnerabilities andmisconfigurations in third-partyintegrated tools
Aspects ofSecuring DevOpsInfrastructure
- Secure the Developer Environment
- Secure the DevOps Platform
- Secure the Applications Environment
Views: 0
