Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage Articles Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline

Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline

Key Takeaways

  • A CI/CD pipeline potentially exposes sensitive information. Project teams often overlook the importance of securing their pipelines. They should have a comprehensive plan for securing their pipelines.
  • Access to a pipeline should be restricted. Everyone should have the least privileges required to perform their assigned jobs and no more.
  • To protect sensitive information and prevent it from getting exposed, all data at rest including logs should be encrypted.
  • Build and deployment logs should be treated with the same importance as application logs. These logs should be monitored regularly to make sure that there are no security vulnerabilities.
  • As part of the build and deploy process, data are often logged and stored. This necessitates the system to be compliant with regulatory standards.


Data protection is a key component of cloud services, and code pipelines running on public clouds are no exception. Data protection is based on several basic principles designed to protect information from misuse, disclosure, alteration, and destruction. These principles are essential to maintain the confidentiality, integrity, and availability of data in your pipelines. Thus, let's examine what these principles mean and why they are crucial to your DevOps security posture.

In a code pipeline, data protection is based on universally recognized principles in the field of cybersecurity. The principle of minimum privilege guarantees that only necessary access is granted to resources, thereby reducing the risk of data damage. Encryption acts as a robust barrier, breaking the data to make it unreadable to unauthorized users. In addition, redundancy prevents data loss by copying crucial data, and audit trails provide historical records of activities for review and compliance. These principles form the basis for building a safe environment that can support your continuous integration and delivery processes. Encryption is not just a best practice, it is the core of data privacy. Encrypting data during rest ensures that your source code and build artifacts remain confidential. When data is in transit, whether it is between pipeline stages or external services, SSL/TLS encryption helps prevent interceptions and man-in-the-middle attacks. This level of data privacy is not only about protecting intellectual property; it is also about maintaining trust and complying with strict regulatory standards governing how data should be managed. In this article, I’ll discuss these topics and use Amazon Web Services (AWS) to cite examples.

Restricting Access

A CI/CD pipeline, like any other sensitive resource, should have restricted access. For example, in AWS, Identity and Access Management (IAM) serves as the gatekeeper of pipeline safety. IAM is an important component in managing access to services and resources securely. You can create and manage users and groups and use permissions to allow or deny access to resources. By defining roles and attaching policies that clearly define what actions are permitted, you can control who can change your pipeline, access its artifacts, and carry out deployments. This granular control is crucial to protecting your CI/CD workflow from unauthorized access and potential threats. To minimize risks, it is essential to respect the principle of minimum privilege, providing the users and services with the minimum level of access necessary to carry out their functions. The following strategies for implementing this principle are:

  • Create specific roles for different tasks: Design access roles based on the user's or service's responsibilities. This avoids a universal permission policy that can lead to excessive privileges.
  • Audit permissions: Review service permissions and ensure that they comply with current requirements - use tools where possible.
  • Using managed policies: Usage of pre-configured policies with permissions for specific tasks, reduces the likelihood of a misconfigured permission.
  • Implement conditional access: This helps to establish the conditions for actions, such as IP whitelisting and time restrictions, to strengthen security.

These strategies ensure that, if a violation occurs, potential damage is limited by limiting access to compromised credentials.

Even with robust permission settings, passwords are vulnerable. Here Multi-Factor Identification (MFA) plays a role by adding an additional layer of security. MFA requires users to provide two or more verification factors for access to resources, significantly reducing the risk of unauthorized access. The benefits of implementing MFA on pipelines include:

  • Increased security: MFA requires a second factor — usually a unique password generated by hardware devices or mobile applications — even if password credentials are compromised.
  • Compliance: Many compliance frameworks require MFA as part of control measures. Using MFA, not only secures your pipeline but also meets regulatory standards.
  • User confidence: Demonstrating that you have multiple security control points builds confidence among stakeholders in the protection of your code and data.

Although implementing MFA is an additional step, the security benefits it brings to your pipeline are valuable.

By effectively restricting access to pipelines, you build a safe foundation for CI/CD operations. Through least privilege, you ensure that the right people have the right access at the right time. On top of that, the MFA places guards at the gate and asks all visitors to verify their identity. Together, these practices form a coherent defense strategy that makes your pipelines resistant to threats while maintaining operational efficiency.

Enhancing Logging and Monitoring

Why improving logging and monitoring is similar to installing a high-tech security system at home? In the vast digital landscape, these practices act as vigilant sentinels to mitigate potential threats and ensure that operations operate smoothly. Let's explore their importance.

Like security cameras recording everything that happens in their field of view, a recording of a pipeline captures all actions, transitions, and changes. This information is crucial to identify and analyze potential security threats and performance bottlenecks. On the other hand, monitoring is a continuous process that analyzes these logs in real time and highlights abnormal activities that indicate security concerns or system failures. Together, they provide a comprehensive overview of the health and security situation of the system, enabling teams to react quickly to any abnormality. This combination of historical data and real-time analysis strengthens the pipelines against internal and external threats.

Some technologies that can be used to improve log management include: structured logs, a consistent format of log data to facilitate analysis; log rotation policies, preventing storage overflow by archiving old logs; and log aggregation, merging logs from different sources to create a centralized point for analysis. These tools and techniques will ensure that you have a structured, searchable, and scalable log system.

However, with logs, there are a few points that need to be considered. The most important here is to know what exactly is getting logged. It is imperative to make sure that no confidential information is getting logged. Any passwords, access tokens, or other secrets should not be present in any shape or form in a pipeline. If the code being built contains embedded passwords or files that contain sensitive information, these could get logged. So, it needs to be confirmed that applications don’t embed secrets, rather they access these secrets from a secret manager post-deployment. This would ensure that secrets are not getting exposed via build logs.

The next thing to consider is: who has access to the logs. There have been situations where pipelines are access-controlled, but the logs are publicly available in read-only mode. This is a common vulnerability that must be checked periodically to ensure only the necessary users can access the logs. As a last line of defense, it’s always a good practice to encrypt the logs.

Ensuring Compliance Validation

After examining the important role of recording and monitoring, we focus on the equally important aspect of compliance. Maintaining compliance is crucial to maintaining trust and ensuring your applications comply with various regulatory standards. Define the regulatory requirements that affect your pipeline and how automation and reporting functions can be used to stay on the right side of these regulations.

Regulatory Requirements

Navigating the sea of regulatory requirements is a daunting task for any organization. These regulations determine how data should be used and protected, and they can vary depending on industry and region. Common frameworks such as GDPR, HIPAA, and SOC 2 are often implemented, each with a complex mandate. For example, the GDPR applies to all businesses dealing with EU citizens' data and provides for strict data protection and privacy practices. HIPAA protects medical information, and SOC 2 focuses on cloud service security, availability, and privacy. Understanding these guidelines is the first step in designing a compliant pipeline.

Automating Compliance Checks

AWS like other public clouds, has impressive automation capabilities. By automating compliance checks, teams can ensure that code, applications, and deployments comply with the necessary standards before reaching production. Configuration tools allow you to define rules that reflect compliance requirements. These rules automatically assess the extent to which resources comply with the policy and provide a continuous overview of your compliance status. This proactive compliance approach not only saves time but also reduces human errors and keeps your operations effective and secure.

Auditing and Reporting Features for Maintaining Compliance

An audit trail is the best defense against compliance checks. It provides historical records of changes and access that may be crucial during an audit. In AWS, CodePipeline is integrated with services such as CloudTrail to track every action on your pipelines and resources. This integration ensures that no stone is left unturned when it comes to demonstrating compliance efforts. In addition, robust reporting can help you generate the evidence needed to prove compliance with various regulations. Quick and accurate reporting on compliance status can greatly ease the burden during audit periods. In essence, ensuring compliance validation requires a comprehensive understanding of the relevant regulatory requirements, strategic automation of compliance verification, and robust audit and reporting mechanisms. Focusing on these areas can build a safe, resilient, and compliant pipeline that not only protects your data but also protects the integrity of your business.

Building Resilience

In the complicated world of continuous integration and delivery, the resilience of a pipeline is similar to a security net for your deployments. Understanding the concept of resilience in this context is the key. What does it mean for a pipeline to be resilient? Simply put, it means that the pipeline can adapt to changes, recover from failures, and continue to operate even under adverse conditions.

Understanding the Concept of Resilience

Resilience in a pipeline embodies the system's ability to deal with unexpected events such as network latency, system failures, and resource limitations without causing interruptions. The aim is to design a pipeline that not only provides strength but also maintains self-healing and service continuity. By doing this, you can ensure that the development and deployment of applications can withstand the inevitable failures of any technical environment.

Implementing Fault Tolerance and Disaster Recovery Mechanisms

To introduce fault tolerance into your pipeline, you have to diversify resources and automate recovery processes. In AWS, for example, this includes the deployment of pipelines across several Availability Zones to minimize the risk of single failure points. When it comes to disaster recovery, it is crucial to have a well-organized plan that covers the procedures for data backup, resource provision, and restoration operations. This could include automating backups and using CloudFormation scripts to provision the infrastructure needed quickly.

Testing and Validating Resilience Strategies

How can we ensure that these resilience strategies are not only theoretically effective but also practically effective? Through careful testing and validation. Use chaos engineering principles by intentionally introducing defects into the system to ensure that the pipeline responds as planned. This may include simulating power outages or blocking resources to test the pipeline's response. In addition, ensure that your disaster recovery plan is continuously validated by conducting drills and updating based on lessons learned. A regularly scheduled game day where teams simulate disaster scenarios helps uncover gaps in their survival strategies and provides useful practice for real incidents. The practice of resilience is iterative and requires continuous vigilance and improvement.

Strengthening Infrastructure Security

After exploring resilience strategies, we should focus on strengthening the foundations on which these strategies are based: infrastructure security. Without a secure infrastructure, even the strongest resilience plan may fail. But what exactly does it mean to secure the infrastructure components and how to achieve this fortification?

Securing Infrastructure Components

The backbone of any CI/CD pipeline is its infrastructure, which includes servers, storage systems, and network resources. Ensuring that these components are secure is essential to protect the pipeline from potential threats. The first step is to complete an in-depth inventory of all assets - know what you must protect before you can protect it. From there, the principle of minimizing privilege is applied to minimize access to these resources. This means that users and services have just enough permission to perform their tasks and no more. Next, consider using private virtual clouds (VPCs) and dedicated instances to isolate pipeline infrastructures. This isolation reduces the likelihood of unauthorized access and interference between services. In addition, implement network security measures such as firewalls, intrusion detection systems, and subnets to monitor and control network traffic from resource to resource.

Vulnerability Assessment and Remediation

When vulnerabilities are not controlled, they can become the Achilles heel of a system. Regular vulnerability assessments are crucial to identifying potential security vulnerabilities. In AWS for example, tools like Amazon Inspector can automatically evaluate application exposure, vulnerabilities, and deviations from best practices. Once identified, prioritize these vulnerabilities based on their severity and correct them promptly. Patches must be applied, configurations must be tightened, and outdated components updated or replaced. Remediation is not a one-time task, but a continuous process. Automate scanning and patching processes as much as possible to maintain a consistent defense against emerging threats. These checks must be integrated into the continuous delivery cycle to ensure that each release is as safe as the last.

Embracing Security Best Practices

Security is a continuous practice embedded in software development and delivery. But what are the security practices recommended by the industry that should be applied to ensure the integrity of your CI/CD pipeline? Let's dive into the essentials.

Overview of Industry-Recommended Security Practices

Starting with the basics, you must secure the source code. It is the blueprint of your application and deserves strict protection. Implementation of best practices for version control, such as the use of pre-commit hooks and peer review workflows, can help mitigate the risk of vulnerabilities in your code base. In addition, the use of static code analysis tools helps identify potential security problems before deployment. In addition, dynamic application security tests (DASTs) during the staging phase can discover runtime problems that static analysis might miss. Encrypting sensitive data in your pipeline is also essential. Whether it is an environment variable, database credentials, or API key, encryption ensures that this information remains confidential. Moreover, security practices continue beyond the technical level. It is essential to raise awareness and train developers on secure coding techniques. Encourage your team to keep abreast of the latest security trends and threats to promote an environment in which security is the responsibility of all.

Continuous Security Improvement Through Regular Assessments

Complacency is the enemy of security. In a rapidly evolving environment, regular assessments are essential to maintaining strong defenses. This includes periodic penetration tests to simulate attacks on your system and identify vulnerabilities. But it is not just about finding gaps; it is about learning from them and improving. Post-mortem analysis after any security incident is invaluable in preventing similar problems in the future. Another aspect of continuous improvement is to regularly review the role and policy of IAM to ensure that the principle of minimum privilege is strictly implemented. As projects grow and evolve, so do access requirements. Regular audits can prevent unnecessary permission accumulation that could become a potential attack vector. Finally, keep your dependencies up-to-date. Third-party libraries and components may become a liability if they contain unpatched vulnerabilities. Automated tools can help track the version you use and alert you when updates or patches are available.

Collaborative Security Culture and Knowledge Sharing Within Teams

In the context of CI/CD pipelines, it is imperative to encourage a collaborative security culture to ensure that the entire team is aligned with best security practices. This involves the creation of clear communication channels to report potential security issues and the sharing of knowledge about emerging threats and effective countermeasures. Workshops, training sessions, and even gamified security challenges can improve engagement and knowledge retention between team members. By making security a part of daily conversations, teams can proactively address risks rather than react to incidents. Furthermore, by integrating security into CI/CD pipelines, automated security checks become part of processes, and developers can respond immediately. With these practices, teams secure pipelines and establish a strong security culture permeating all operations. By continuously assessing and improving security measures, staying on the cutting edge of industry standards, and encouraging collaborative security-centered approaches, pipelines can be resilient and secure.

Resilience and Security in Other Cloud Platforms

Throughout this article, I have used AWS to exemplify the various aspects of resilience and security. It is important to note that these technologies are also available in other cloud platforms like Azure and GCP. Azure DevOps comes with a suite of products to implement modern pipelines. Azure Key Vault can be used to manage keys and other secrets. Google Cloud also provides services like Cloud Build, a serverless CI/CD platform, and other related services.

Fundamentally, the principles, techniques, and design considerations for building a resilient and secure pipeline are of prime focus. The technologies to implement these are available in all popular public cloud platforms.


In this article I have elaborated the principles of data protection, the importance of encryption as a reliable defense mechanism for maintaining data privacy, and best practices for data protection during and after transit. To summarize, for moving towards resilience and security, it’s essential to encrypt sensitive information, work with the least privileges, and store secrets in vaults. Consequently, you must establish robust audit trails, maintain historical activity logs, and protect your DevOps practices while complying with stringent regulatory standards.

About the Author

Rate this Article