What Is Continuous Deployment and How Does It Work? | Synopsys
Go Back
By Industry
By Technology
Synopsys Cloud
Synopsys Cloud

Cloud native EDA tools & pre-optimized hardware platforms

Request a Free Evaluation →
Synopsys Cloud Insights
Cloud Insights

Insights & answers to help you familiarize yourself with the best cloud solution for EDA

Explore →
View All Solutions →
Explore Silicon Design & Verification

Synopsys is a leading provider of electronic design automation solutions and services.

Families
Optical Design
Photonic Design
Design
3D Image Processing
Verification
Modeling & Simulation
Silicon Engineering
Try Synopsys Cloud
Synopsys Cloud

Unlimited access to EDA software licenses on-demand

Free Evaluation →
Explore Silicon IP

Synopsys is a leading provider of high-quality, silicon-proven semiconductor IP solutions for SoC designs.

Interface IP
Processor IP
Analog IP
Memories & Libraries
SoC Architecture
Security IP
SoC Infrastructure IP
IP Accelerated
IP Markets
Synopsys IP Portfolio Cover
Synopsys IP Portfolio
Download Brochure →
Synopsys IP Technical Bulletin
Read Latest Issue →
Explore Application Security

Synopsys helps you protect your bottom line by building trust in your software—at the speed your business demands.

Integrated AppSec Solutions
Software Risk Analysis
AppSec Program Services
2022 Gartner® Magic Quadrant™ for Application Security Testing
2022 Gartner® Magic Quadrant™ for Application Security Testing
Download Now →
View All Products →
Company Overview
Resources
SNUG 2023 | Synopsys
SNUG 2023

Call for Content is Now Open!

Apply Now! →
Synopsys Job Search Thumbnail
Pursue Your Passion

Start Your Job Search

Apply Now →
Table of contents

Definition

Thanks to the similarity in abbreviations, continuous deployment is often confused with continuous delivery. As IT blogger Carl Caum notes, it “...is the next step of continuous delivery: Every change that passes the automated tests [in continuous delivery] is deployed to production automatically” and released to customers. Without one, you can’t have the other.

How to secure continuous deployment

Automation is key to continuous deployment and security. Automate wherever you can automate. In addition, Jim Bird, author of “DevOpsSec: Securing Software Through Continuous Delivery,” recommends these activities:

  • Do a threat model on the CI/CD pipeline. Look for weaknesses in the setup and controls, and gaps in auditing or logging.
  • Harden the systems that host the source and build artifact repositories, the CI/CD servers, and the systems that host the configuration management, build, deployment, and release tools.
  • Ensure that keys, credentials, and other secrets are protected. Get secrets out of scripts and source code and plaintext files, and use an audited, secure secrets manager.
  • Secure access to the source and binary repos, and audit access to them.
  • Implement access control across the entire toolchain.
  • Change the build steps to sign binaries and other build artifacts to prevent tampering.
  • Ensure that all systems are monitored as part of the production environment.
<p>This eBook details three ways of achieving security with speed. </p> <ul> <li>Run the right test at the right time and to the right depth</li> <li>Align remediation efforts with business risks</li> <li>Empower developers to secure code as fast as they write it  </li> </ul>

The Top Three Ways to Build Security into DevOps

This eBook details three ways of achieving security with speed. 

  • Run the right test at the right time and to the right depth
  • Align remediation efforts with business risks
  • Empower developers to secure code as fast as they write it  
Get the eBook

Continue reading

Solution
Application Security Testing Tools
Solution
Managed Application Security Testing Services
Analyst Report
2022 Gartner® Magic Quadrant™ for Application Security Testing