Online Courses
Security of the Pipeline
Online Courses
Security of the Pipeline
  • Security of the Pipeline
  • Intro to Pipeline Automation
    • Introduction
    • DevOps Pipelines Explained
    • Source Code and Version Control
    • Dependency Management
    • Automated Testing
    • Continuous Integration and Delivery
    • Environments
  • Source Code Security
    • Introduction
    • Git and Linus
    • Version Control Concepts
    • Cloud Based Version Control
    • Insufficient Credential Hygiene
  • CI/CD and Build Security
    • Introduction
    • What is CI/CD and Build Security?
    • Securing the Build Source
    • Securing the Build Process
    • Securing the Build Server
    • Securing the Build Pipeline
    • Securing the Build Environment
    • Protecting the Build Secrets
    • Conclusion
Powered by GitBook
On this page
  1. Intro to Pipeline Automation

DevOps Pipelines Explained

PreviousIntroductionNextSource Code and Version Control

Last updated 8 months ago

Before learning about automation security, we should start by defining the pipeline and showing where automation can take place. The diagram below shows what a typical pipeline can look like, as well as the software that could be used for this purpose:

For each of these items, we will look at what they are, the common tools used for them, an introduction to their security, and a case study of what can happen when security fails. Each of these components will be reviewed in-depth in the coming rooms of this module.

Automation in the pipeline has significantly increased the capability of SDLC processes. It has enabled developers to rapidly create and deploy updates to applications. However, these new automation can also lead to an increased attack surface since an attacker can now indirectly attack the application by compromising its pipeline. Implementing secure automation is therefore needed to ensure that the automated pipeline does not increase the risk of application compromise.

Throughout the various rooms in this module, we will take a deeper dive into the elements that make up a pipeline and show how security can be applied to each to create a secure, automated pipeline.