Combining DevSecOps and CI/CD
A DevSecOps practice needs to be embedded with every step of the CI/CD pipeline. DevSecOps ensures the security of the CI/CD pipeline by managing the right access and roles assigned to each server and making sure the build servers such as Jenkins are hardened to be protected from any security glitch. In addition to that, we need to make sure that all artifacts are validated and code analysis is in place. It's better to be ready for incident response by automating continuous compliance validation and incident response remediation.
The following diagram provides us with multiple stages to test security boundaries and catch security issues and compliance with policies as early as possible:
Figure 12.7: DevSecOps and CI/CD
At each integration point, you can identify different issues, as illustrated in the preceding diagram:
- In the coding phase, scan all code to ensure no secret key or access key is hardcoded in between code...