Securing build and deployment infrastructure
When securing your software delivery processes in Cloud Build, it is important to begin with the underlying infrastructure that runs the builds themselves. If that infrastructure is compromised, an attacker can reach sensitive information such as your source code, the secrets a build may access, and the deployment targets with which your builds interact.
Underlying infrastructure in this chapter’s example specifically means the following:
- Private pool workers that execute Cloud Build builds
- VPC networking, connecting workers to systems such as Artifact Registry and GKE
- Minimal or managed container images executing build steps
We will begin by creating a private pool for our example.
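The three items above map onto concrete settings of a Cloud Build private pool. The following worker pool configuration file is an added illustration, not an example from this book: the project, region, network and pool names are assumed placeholders, and the comments contrast the hardened choice with the weaker default where one exists. The file is the shape accepted by gcloud builds worker-pools create POOL --region=REGION --config-from-file=FILE.

```yaml
# Assumed example: a Cloud Build private pool definition (not from the book).
# Placeholders: my-project, my-build-vpc, and the region are constructed values.
privatePoolV1Config:
  networkConfig:
    # Peer the workers into a VPC you control so they reach Artifact Registry
    # and GKE over private addressing instead of the public internet.
    peeredNetwork: projects/my-project/global/networks/my-build-vpc
    # Hardened: workers get no route to the public internet, so a compromised
    # build step cannot exfiltrate source or secrets directly.
    # Weak alternative (the default): egressOption: PUBLIC_EGRESS
    egressOption: NO_PUBLIC_EGRESS
  workerConfig:
    # Size workers for the build; keep them small to limit what a build can do.
    machineType: e2-medium
    diskSizeGb: 100
```

With NO_PUBLIC_EGRESS set, every dependency a build step needs (base images, packages, the deployment API endpoints) has to be reachable through the peered VPC, for example via Private Google Access or an internal mirror; a build that suddenly fails to pull from a public host after this change is the control working as intended, not a misconfiguration to loosen.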
Creating private pools with security best practices
Previously introduced in Chapter 2, Configuring Cloud Build Workers, private pools are a specific mode for Cloud Build workers that has features distinct from the default pool, including...