CI/CD and Security
CI/CD
- Maintain a code repository
- Automate the build
- Keep the build fast
- Make the build self-testing
- Commit early, commit often
- Every commit to the mainline gets built
- Everyone can see the results of the build
- Automate the deployment
Security
- Immutable artifacts
- CVE Scanning
- Least Privileged
- Network Isolation
- Run Time protection
- Signed Commits
- Signed Images