Security basics
Security is important in every aspect of our lives, including our CI/CD environments. Just like you wouldn’t leave your garage door open when you’re not home, you shouldn’t leave your CI/CD environment vulnerable to attacks. In this section, we’ll discuss some basic security principles that you should follow when building your CI/CD environment. By following these principles, you can help protect your organization from attacks.
First, we should keep in mind that many CI systems can be considered remote code execution as a service. You define tasks, scripts, or actions (whatever these things are called in your tooling), and you execute them in an environment that is hosted by you, or is at least under your responsibility. In many cases, this environment has access to your code repository or other internal systems, which makes it very interesting to attackers. As we learned earlier in this chapter, there were supply chain attacks that...