close search bar

Sorry, not available in this language yet

close language selection
  • English
  • 日本語
  • 简体中文
Table of Contents

Definition

Thanks to the similarity in abbreviations, continuous deployment is often confused with continuous delivery. As IT blogger Carl Caum notes, it “...is the next step of continuous delivery: Every change that passes the automated tests [in continuous delivery] is deployed to production automatically” and released to customers. Without one, you can’t have the other.

<p>This eBook details three ways of achieving security with speed. </p> <ul> <li>Run the right test at the right time and to the right depth</li> <li>Align remediation efforts with business risks</li> <li>Empower developers to secure code as fast as they write it  </li> </ul>

The Top Three Ways to Build Security into DevOps

This eBook details three ways of achieving security with speed. 

  • Run the right test at the right time and to the right depth
  • Align remediation efforts with business risks
  • Empower developers to secure code as fast as they write it  
Get the eBook

How to secure continuous deployment

Automation is key to continuous deployment and security. Automate wherever you can automate. In addition, Jim Bird, author of “DevOpsSec: Securing Software Through Continuous Delivery,” recommends these activities:

  • Do a threat model on the CI/CD pipeline. Look for weaknesses in the setup and controls, and gaps in auditing or logging.
  • Harden the systems that host the source and build artifact repositories, the CI/CD servers, and the systems that host the configuration management, build, deployment, and release tools.
  • Ensure that keys, credentials, and other secrets are protected. Get secrets out of scripts and source code and plaintext files, and use an audited, secure secrets manager.
  • Secure access to the source and binary repos, and audit access to them.
  • Implement access control across the entire toolchain.
  • Change the build steps to sign binaries and other build artifacts to prevent tampering.
  • Ensure that all systems are monitored as part of the production environment.

Continue Reading

Blog

Automating web security testing within your DevOps pipelines

Achieve continuous testing without creating friction in DevOps pipelines.

Learn more →
Research Paper

SANS 2022 DevSecOps Survey: Creating a Culture to Significantly Improve Your Organization's Security Posture

Learn more →
Blog

DevSecOps is no longer a consideration—it’s a necessity

Gartner reported that DevSecOps, among several other use cases, is fundamental for AppSec solutions to address. Learn why Synopsys earned the highest score.

Learn more →