Build and Deployment -> Build: Building and testing of artefacts in virtual environments
Risk and Opportunity
Risk: While building and testing artefacts, third-party systems, application frameworks and third-party libraries are used. These might be malicious as a result of vulnerable libraries or because they are altered during the delivery phase.
Opportunity: Each step within the build and testing phase is performed in a separate virtual environment, which is destroyed afterward.
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low
Implementation hints: Docker
OWASP SAMM 2 Mapping: i-secure-build|A|2
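Example (added here, not part of the original activity description): one way to apply the Docker hint is to run every pipeline step in its own throwaway container and hand over only the previous step's output directory, mounted read-only. The image name, the make targets and the src/ and out/ layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example: every pipeline step gets its own container, destroyed on exit.
set -eu

DOCKER="${DOCKER:-docker}"                      # set DOCKER=echo for a dry run
# Placeholder image name (assumption); pin the real build image by digest.
IMAGE="${IMAGE:-example.invalid/build-env:pinned}"
WORKSPACE="${WORKSPACE:-$PWD}"                  # assumed layout: src/ and out/<step>/

# run_step NAME NET PREV COMMAND
#   NET   network for this step only: none or bridge
#   PREV  step whose artefacts are mounted read-only at /in ("" for none)
run_step() {
    name=$1; net=$2; prev=$3; cmd=$4
    mkdir -p "$WORKSPACE/out/$name"
    # --rm destroys the container afterwards; the root filesystem is
    # read-only, so nothing a step installs or alters survives it.
    set -- run --rm --network "$net" --read-only --tmpfs /tmp \
        --cap-drop ALL --security-opt no-new-privileges \
        --user "$(id -u):$(id -g)" \
        -v "$WORKSPACE/src:/src:ro" \
        -v "$WORKSPACE/out/$name:/out"
    # Only the previous step's artefacts cross the boundary, and read-only.
    if [ -n "$prev" ]; then
        set -- "$@" -v "$WORKSPACE/out/$prev:/in:ro"
    fi
    "$DOCKER" "$@" -w /src "$IMAGE" sh -c "$cmd"
}

# Hypothetical three-step pipeline; the make targets are placeholders.
pipeline() {
    run_step deps  bridge ""    "make deps DEST=/out"      # only step with network
    run_step build none   deps  "make build DEPS=/in DEST=/out"
    run_step test  none   build "make test ARTEFACT=/in"
}

# Run only when asked to, so the functions can be reused or dry-run.
if [ "${1:-}" = "run" ]; then
    pipeline
fi
```

Running it with DOCKER=echo prints the three docker command lines without starting any container.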