- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Silicon Design & Verification
< Solutions
< Solutions
< Solutions
Cloud
Synopsys in the Cloud
< Solutions
< Solutions
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compilers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Products
< Products
Analog IP
Data Converters
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Polaris Platform
Comprehensive application security from developer to deployment
< Software Integrity
< Software Integrity
< Software Integrity
Professional Services
Strategy and programs that address security before, during and after development
< Software Integrity
< Tools
< Tools
< Tools
< Tools
< Software Integrity
< Services
Managed Security Testing
Managed SAST
Dynamic Analysis (DAST)
Penetration Testing
Mobile Application Security Testing
Network Security Testing
< Services
Professional Services
Strategy and Planning (BSIMM)
Architecture & Design
DevSecOps Integration
Cloud Security
Industry Solutions
< Services
< Software Integrity
< Training
< Training
Product Education
< Training
Community
< Software Integrity
< Solutions
< Solutions
< Resources
< Resources
< Software Integrity
< Software Integrity
Customers
< Partners
< Partners
Become a partner
< Software Integrity
< Software Integrity
Blog
< main menu
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers
< About Us
Careers
Careers
< main menu
Continuous Deployment
What is continuous deployment?
Thanks to the similarity in abbreviations, continuous deployment is often confused with continuous delivery.
As IT blogger Carl Caum notes, it “...is the next step of continuous delivery: Every change that passes the automated tests [in continuous delivery] is deployed to production automatically” and released to customers. Without one, you can’t have the other.
How to secure continuous deployment
Automation is key to continuous deployment and security. Automate wherever you can automate. In addition, Jim Bird, author of “DevOpsSec: Securing Software Through Continuous Delivery,” recommends these activities:
- Do a threat model on the CI/CD pipeline. Look for weaknesses in the setup and controls, and gaps in auditing or logging.
- Harden the systems that host the source and build artifact repositories, the CI/CD servers, and the systems that host the configuration management, build, deployment, and release tools.
- Ensure that keys, credentials, and other secrets are protected. Get secrets out of scripts and source code and plaintext files, and use an audited, secure secrets manager.
- Secure access to the source and binary repos, and audit access to them.
- Implement access control across the entire toolchain.
- Change the build steps to sign binaries and other build artifacts to prevent tampering.
- Ensure that all systems are monitored as part of the production environment.
Related Solutions
Related Resources