CI/CD stands for “continuous integration and continuous delivery.” It’s a modern software development practice that automates the various steps it takes for code written by a developer to be pushed live into production.
Thanks to the automation of CI/CD pipelines, organizations are able to deploy both new code and essential security features—sometimes up to hundreds of times per day—to keep the cloud applications you rely on running without a hiccup.
CI/CD pipelines are extremely beneficial. But, of course, there’s a catch. By design, CI/CD pipelines need to have enormous privileges and access to highly sensitive data to make changes to a live app. This makes them very attractive targets for cybercriminals — which brings us to CI/CD security.
CI/CD security refers to the practices, processes, and technologies organizations use to ensure the security and integrity of the CI/CD pipeline.
CI/CD security includes:
Ideally, CI/CD security is part of an organization’s overall application security (or AppSec) program, which is designed to keep all angles of a cloud-native application secure.
Attackers know that the CI/CD pipeline is an easy way to gain access to an organization and its secrets. Organizations can focus on several key areas to keep their CI/CD pipeline secure:
To learn more about how CI/CD and how to harden your pipelines against attack, watch the latest episode of What’s That with Prisma Cloud.
Access a wealth of educational materials, such as datasheets, whitepapers, critical threat reports, informative cybersecurity topics, and top research analyst reports