{"title":"Secure Development Workflows in CI/CD Pipelines","authors":"Pranshu Bajpai, Adam Lewis","doi":"10.1109/SecDev53368.2022.00024","DOIUrl":null,"url":null,"abstract":"Modern development workflows heavily utilize continuous integration (CI) and continuous delivery (CD) pipelines. CI/CD pipelines run with highly privileged credentials capable of accessing code repositories, writing to artifact registries, and in many cases deploying software into production. This represents an attractive target for adversaries. As such, the security of these pipelines and associated workflows is as critical as the security of the developed code. Secure development therefore encompasses writing secure code and securing the workflows for integration and deployment. In this paper, we present the key areas demanding attention when designing secure development workflows and associated CI/CD pipelines.","PeriodicalId":407946,"journal":{"name":"2022 IEEE Secure Development Conference (SecDev)","volume":"139 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Secure Development Conference (SecDev)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SecDev53368.2022.00024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}