Fork me on GitHub

Build and Deployment -> Deployment: Same artifact for environments

Risk and Opportunity

Risk: Building of an artifact for different environments means that an untested artifact might reach the production environment.
Opportunity: Building an artifact once and deploying it to different environments means that only tested artifacts are allowed to reach the production environment

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints: Docker
OWASP SAMM 1 Mapping: OE2-A
OWASP SAMM 2 Mapping: i-secure-deployment|A|2
ISO27001:2017 Controls Mapping: