Build and Deployment -> Build: Defined build process
Risk and Opportunity
Risk: Performing builds without a defined process is error prone. For example, as a result of incorect security related configuration.
Opportunity: A well defined build process lowers the possibility of errors during the build process.
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Low
Implementation hints: Jenkins, Docker
OWASP SAMM 2 Mapping: i-secure-build|A|1