
Build and Deployment -> Build: Defined build process

Risk and Opportunity

Risk: Performing builds without a defined process is error-prone, for example as a result of incorrect security-related configuration.
Opportunity: A well-defined build process lowers the possibility of errors during the build process.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Low

Additional Information

Implementation hints: Jenkins, Docker
OWASP SAMM 2 Mapping: i-secure-build|A|1