Build and Deployment -> Build: Defined build process

Risk and Opportunity

Risk: Performing builds without a defined process is error-prone, for example as a result of incorrect security-related configuration.
Opportunity: A well-defined build process lowers the possibility of errors during the build.
Evidence: The build process is defined in REPLACE-ME Pipeline in the folder vars. Projects use a Jenkinsfile to invoke the defined process.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Low

Additional Information

Implementation hints: Jenkins, Docker
OWASP SAMM 2 Mapping: i-secure-build|A|1
ISO27001:2017 Controls Mapping: