Secure Development Workflows in CI/CD Pipelines

Modern development workflows heavily utilize continuous integration (CI) and continuous delivery (CD) pipelines. CI/CD pipelines run with highly privileged credentials capable of accessing code repositories, writing to artifact registries, and in many cases deploying software into production. This represents an attractive target for adversaries. As such, the security of these pipelines and associated workflows is as critical as the security of the developed code. Secure development therefore encompasses writing secure code and securing the workflows for integration and deployment. In this paper, we present the key areas demanding attention when designing secure development workflows and associated CI/CD pipelines.