Security in Continuous Delivery and Testing Your Deployment
In the previous chapters, we discussed what we should consider when architecting our CI/CD infrastructure and why velocity is important. When deploying our software, we often deal with lots of moving parts and privileges, all of which can be abused. Furthermore, the build process itself might be vulnerable to attacks.
In ancient times, CI/CD environments were often treated as second-class citizens: they were neither secured nor maintained properly, mainly because they were not considered as important as the production environment.
However, this has changed recently. In the last few years, there have been many attacks on CI/CD environments. One of the most prominent was the SolarWinds hack. The attackers compromised the CI/CD environment of SolarWinds and injected malicious code into their Orion tool for updating IT infrastructure. This code was then distributed...