Securing your CI/CD environment
Let’s assume that we want to deliver some application our company is maintaining and that as a modern company, we are using CI/CD in a cloud environment, as shown in the following figure:
Figure 8.1 – Example of a CI/CD environment
The preceding figure shows a simplified environment that is hosted in the cloud and was created using IaC. We assume that application development and deployment processes are mainly source-code-driven and that we are using a source code management (SCM) system, such as Git. We have a CI system that listens for changes; when something changes, it builds and tests the software and pushes the result to an artifact store. We have a GitOps controller in place, which also listens for changes, and when new artifacts arrive or the repository gets updated, it deploys the application. This is a very simplified process for the sake of finding some attack vectors. In a real-world scenario, this might not fit...
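As an added illustration (not code from the book or from any project it describes), here is a small Python model of the pipeline above in which the GitOps controller deploys only the artifact whose digest the repository pins, so a file that reaches the artifact store without passing through CI and a commit is never rolled out. The stage names, the in-memory stores and the digest-pinning convention are assumptions for the model, not something the figure specifies.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    """An artifact as it sits in the artifact store."""
    name: str
    content: bytes

    @property
    def digest(self) -> str:
        return "sha256:" + hashlib.sha256(self.content).hexdigest()


def ci_build(name: str, source: bytes) -> Artifact:
    """CI stage: turns source into an artifact (a stand-in for a real build)."""
    return Artifact(name=name, content=b"built:" + source)


def pin_in_repo(desired_state: dict, artifact: Artifact) -> dict:
    """CI commits the artifact's digest into the repository's desired state."""
    return {**desired_state, artifact.name: artifact.digest}


def gitops_reconcile(desired_state: dict, artifact_store: list) -> dict:
    """GitOps controller: deploy exactly what the repository pins.

    Returns {name: "deployed" | "blocked"}. An artifact that is in the store
    but not pinned in the repository (pushed there directly, or altered after
    the build) is never deployed: the repository is the source of truth.
    """
    by_digest = {a.digest: a for a in artifact_store}
    decisions = {}
    for name, pinned in desired_state.items():
        candidate = by_digest.get(pinned)
        if candidate is None or candidate.name != name:
            decisions[name] = "blocked"  # nothing in the store matches the pin
        else:
            decisions[name] = "deployed"
    return decisions


def demo() -> dict:
    """Constructed sample run: one CI-built artifact and one that bypassed CI."""
    good = ci_build("app", b"commit-abc123")
    repo = pin_in_repo({}, good)
    rogue = Artifact("app", b"built:commit-abc123-with-extra-payload")
    return gitops_reconcile(repo, [good, rogue])


if __name__ == "__main__":
    print(demo())  # {'app': 'deployed'}
```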