Technical requirements – Securing and Testing Your CI/CD Pipeline

In the previous chapters, we looked at Continuous Integration (CI) and Continuous Deployment/Delivery (CD) with GitOps as the central concept. Both concepts and the tooling surrounding them help us deliver better software faster. However, one of the most critical aspects of technology is security and quality assurance. Though security was not considered in DevOps’ initial days, with the advent of DevSecOps, modern DevOps now places a great emphasis on it. In this chapter, we’ll try to understand the concepts surrounding container applications’ security and testing and how to apply them within CI and CD.

In this chapter, we’re going to cover the following main topics:

  • Securing and testing CI/CD pipelines
  • Revisiting the Blog Application
  • Container vulnerability scanning
  • Managing secrets
  • Binary authorization
  • Release gating with pull requests and deploying our application in production
  • Security and testing best practices for modern DevOps pipelines

Technical requirements

For this chapter, we will spin up a cloud-based Kubernetes cluster, Google Kubernetes Engine (GKE), for the exercises. Currently, Google Cloud Platform (GCP) provides a free $300 trial for 90 days, so you can go ahead and sign up for one at https://console.cloud.google.com/.

You will also need to clone the following GitHub repository for some of the exercises: https://github.com/PacktPublishing/Modern-DevOps-Practices-2e.

You can use the Cloud Shell offering available on GCP to follow this chapter. Go to Cloud Shell and start a new session. Run the following commands to clone the repository into your home directory to access the required resources:

$ git clone https://github.com/PacktPublishing/Modern-DevOps-Practices-2e.git \
  modern-devops

We also need to set the project ID and enable a few GCP APIs that we will use in this chapter. To do so, run the following commands:

$ PROJECT_ID=<YOUR_PROJECT_ID>
$ gcloud services enable iam.googleapis.com \
  container.googleapis.com \
  binaryauthorization.googleapis.com \
  containeranalysis.googleapis.com \
  secretmanager.googleapis.com \
  cloudresourcemanager.googleapis.com \
  cloudkms.googleapis.com
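A preflight check for the step above, added here as an example and not taken from the book's repository: it reports which of the seven APIs are still disabled and returns a non-zero status so a setup script can stop early. The function names `missing_apis` and `check_project` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify that the APIs this chapter relies on are enabled.

# The seven APIs enabled in the step above.
REQUIRED_APIS="iam.googleapis.com
container.googleapis.com
binaryauthorization.googleapis.com
containeranalysis.googleapis.com
secretmanager.googleapis.com
cloudresourcemanager.googleapis.com
cloudkms.googleapis.com"

# missing_apis (hypothetical name): reads enabled service names on stdin,
# one per line, and prints every required API that is not among them.
# Returns 1 if anything is missing, 0 otherwise.
missing_apis() {
  enabled=$(cat)
  rc=0
  for api in $REQUIRED_APIS; do
    # -x: match the whole line; -F: treat the dots literally, not as regex.
    if ! printf '%s\n' "$enabled" | grep -qxF "$api"; then
      printf '%s\n' "$api"
      rc=1
    fi
  done
  return "$rc"
}

# check_project (hypothetical name): run the check against a live project.
# Requires an authenticated gcloud, as in Cloud Shell.
check_project() {
  gcloud services list --enabled --project "$1" \
    --format="value(config.name)" | missing_apis
}

# Usage: check_project "$PROJECT_ID" || echo "enable the APIs listed above"
```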

Now, in the next section, let’s look at how to secure and test CI/CD pipelines.
