
Build and Deployment -> Build: Building and testing of artefacts in virtual environments

Risk and Opportunity

Risk: While building and testing artefacts, third-party systems, application frameworks and third-party libraries are used. These might be malicious as a result of vulnerable libraries or because they are altered during the delivery phase.
Opportunity: Each step within the build and testing phase is performed in a separate virtual environment, which is destroyed afterward.

Exploit details

Usefulness: Low
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Implementation hints: Docker
OWASP SAMM 2 Mapping: i-secure-build|A|2
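
One way to apply the opportunity above with Docker, as an added example that is not part of the original page: each step runs in its own container that is removed when the step exits, and steps share only an explicit output directory. The image name, the make targets and the /src and /out paths are assumptions.

```shell
#!/bin/sh
# Added example: every build/test step gets its own throwaway container.
# IMAGE, the make targets and the /src and /out paths are assumptions.
set -eu

DOCKER="${DOCKER:-docker}"                  # set DOCKER=echo for a dry run
IMAGE="${IMAGE:-example/build-env:pinned}"  # hypothetical image name
SRC="${SRC:-$PWD}"                          # checked-out sources
OUT="${OUT:-$PWD/out}"                      # only state shared between steps

# run_step NETWORK CMD...  runs CMD in a fresh container and discards it.
run_step() {
    net=$1; shift
    "$DOCKER" run --rm \
        --network "$net" \
        --read-only --tmpfs /tmp \
        --cap-drop ALL --security-opt no-new-privileges \
        -v "$SRC:/src:ro" -v "$OUT:/out" -w /src \
        "$IMAGE" "$@"
}

pipeline() {
    mkdir -p "$OUT"
    run_step bridge make deps   # only dependency retrieval gets network access
    run_step none   make build  # no network; container removed on exit
    run_step none   make test   # sources are mounted read-only in every step
}

# Invoke as "./pipeline.sh run"; without the argument only the functions load.
if [ "${1:-}" = "run" ]; then pipeline; fi
```

Because sources are mounted read-only and the root filesystem is read-only, the assumed make targets must write their results to /out.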