DevSecOpsGuideline

Pipeline Tampering Risks & Prevention

Open ducthinh993 opened this issue 2 years ago • 2 comments

Hi folks, as a DevSecOps practitioner for many sizes of development, there is a critical one for maintaining the DevSecOps pipeline to prevent integrity violations and DRY principle with the pipeline consuming.

Abstraction Ideas:

  • Pipeline definitions stored as separate repos
  • Consuming pipeline as git sub-modules
  • Pipeline call should be visible and measured

Benefits:

  • [ ] Pipeline enforcement
  • [ ] Pipeline integrity
  • [ ] Pipeline scalability

I'm happy to help, but I'm not so sure which category we should put it in.

ducthinh993, Jun 27 '22 07:06
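A check for the submodule approach proposed in the post above, as an added example that is not part of the original thread or the project's own code: it verifies that a consuming repository's pipeline submodule comes from the approved definitions repo and is pinned to an approved commit. The submodule name, path, URL, commit IDs and sample inputs are constructed assumptions.

```python
import re

# Assumed policy (constructed values): where pipeline definitions live and
# which commits of that repo have been reviewed and approved.
APPROVED_URL = "https://git.example.com/platform/pipeline-definitions.git"
APPROVED_COMMITS = {"a" * 40}

def parse_gitmodules(text):
    """Parse .gitmodules text into {submodule_name: {key: value}}."""
    modules, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r'\[submodule "(.+)"\]', line)
        if header:
            current = modules.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return modules

def parse_gitlinks(ls_tree_output):
    """Map path -> pinned commit for gitlinks (mode 160000) in `git ls-tree -r HEAD` output."""
    links = {}
    for line in ls_tree_output.splitlines():
        meta, _, path = line.partition("\t")
        fields = meta.split()
        if len(fields) == 3 and fields[0] == "160000":
            links[path] = fields[2]
    return links

def check_pipeline_pin(gitmodules_text, ls_tree_output, name="pipeline"):
    """Return a list of findings; an empty list means the pin is as approved."""
    module = parse_gitmodules(gitmodules_text).get(name)
    if module is None:
        return [f"submodule '{name}' is not declared"]
    findings = []
    if module.get("url") != APPROVED_URL:
        findings.append(f"unapproved source: {module.get('url')}")
    pinned = parse_gitlinks(ls_tree_output).get(module.get("path"))
    if pinned is None:
        findings.append("no gitlink recorded for the pipeline path")
    elif pinned not in APPROVED_COMMITS:
        findings.append(f"unapproved commit: {pinned}")
    return findings

# Constructed sample inputs standing in for a consuming repo's files.
GITMODULES = '[submodule "pipeline"]\n\tpath = ci/pipeline\n\turl = ' + APPROVED_URL + "\n"
LS_TREE = "100644 blob " + "c" * 40 + "\t.gitmodules\n160000 commit " + "a" * 40 + "\tci/pipeline\n"
print(check_pipeline_pin(GITMODULES, LS_TREE) or "pipeline pin OK")
```

Run against every consuming repository, a check like this also gives a measurable record of which pipeline version each one calls.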

Hi, thanks for the great suggestion. Please create a file and start to write them down. After that, we can review them and see if it needs to be reorganized.

So easy 😄

Ali-Yazdani, Jun 27 '22 07:06

Dear @ducthinh993, I assigned it to you. Please feel free to start work on it. I'm looking forward to approving your Pull Request.

Ali-Yazdani, Jun 28 '22 13:06