Build and Deployment -> Build: Continuous integration
Risk and Opportunity
Risk: Quality is not visible to everyone; quality checks are distributed or manual, and not deterministic.
Opportunity: Use continuous automated building and testing of the software.
- Show your build pipeline and an exemplary job (build + test).
- Show that every team member has access.
- Show that failed jobs are fixed.
Quality is visible to everyone
There is a single instance that decides whether the code meets its quality requirements (a single source of truth).
Deterministic and reproducible builds
- CI/CD tools (Tags: ci-cd)
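As an added example (not part of the original activity description or of the DSOMM project), a minimal GitHub Actions workflow for the exemplary job asked for above: one pipeline that builds, runs the tests, and checks that the build is deterministic by building twice and comparing artifact hashes. It assumes the repository has a Makefile with `build`, `test` and `clean` targets and that `build` writes a single artifact to `dist/app`; those names are assumptions.

```yaml
# .github/workflows/ci.yml (added example; assumes `make build` writes dist/app,
# `make test` exits non-zero on any failing test, and `make clean` removes dist/)
name: ci

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: this job only needs to read the repository.
permissions:
  contents: read

jobs:
  build-and-test:
    # Pin the runner image instead of `ubuntu-latest` so the build
    # environment does not silently change between runs.
    runs-on: ubuntu-22.04
    steps:
      # Pin actions to a tag (or, better, a full commit SHA) so the
      # pipeline itself is reproducible.
      - uses: actions/checkout@v4

      - name: Build
        run: make build

      - name: Test
        # A non-zero exit code fails the job, which marks the commit red
        # in the pipeline view that every team member can see.
        run: make test

      - name: Check that the build is reproducible
        run: |
          sha256sum dist/app > first.sha256
          make clean
          make build
          # `sha256sum -c` exits 1 if the rebuilt artifact differs.
          sha256sum -c first.sha256

      - name: Keep the artifact for review
        uses: actions/upload-artifact@v4
        with:
          name: app
          path: dist/app
```

Because the job runs on every push and pull request and fails on any non-zero exit code, the pipeline view becomes the single place that shows whether the code currently meets the quality bar.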
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low
OWASP SAMM VERSION 2
Credits
This activity is inspired by / copied from:
AppSecure-nrw Security Belts