DevOps and CI/CD Security Assessment

Most organizations use continuous integration and continuous delivery to build, test and deliver applications. In many cases that same pipeline infrastructure is also used to deploy the application in the target environment (either triggered manually or through continuous deployment). This provides high productivity as well as good places to inject additional review and security tooling. But such setups are also complex and can contain many steps and parts that can potentially be leveraged to attack the organization or even their customers (a supply-chain attack).

Truesec has general expertise in the area of secure development processes as well as specific experience in many CI/CD and cloud environments. 

This assignment is mainly performed through workshops, threat modeling and documentation. The scope can be variable. In certain cases, it is best to focus on specific parts of the development pipeline, and in other cases more of the production environment and operations are included.

The assignment can be augmented with additional tasks, such as: 

  • Detailed review of pipeline structure in the repository. 
  • Health check/penetration test of installed systems. 
  • Tool suggestions to improve security (SAST, DAST etc.).

 

DevOps and CI/CD Security Assessments can be performed on-site or remotely.
