New CI/CD configuration policies added to Checkov



Checkov, the open-source tool for finding infrastructure misconfigurations, has been updated with new CI/CD configuration policies. These policies can be applied across popular CI/CD frameworks such as GitHub Actions, GitLab Runners, BitBucket Pipelines, CircleCI, and Argo.

Checkov takes a developer-first approach to supply chain security, so it embeds these CI/CD policies directly into existing DevOps workflows to make it easier for developers to adopt them.

Industry benchmarks, such as SLSA and CIS, were used to create these policies. According to the Checkov team, this helps developers align their pipelines with industry standards.

The new policies include controls like requiring two reviewers for a pull request, requiring signatures for individual commits, preventing deprecated commands or beta features from being used, preventing secrets exfiltration, and blocking privileged workflow pods.

According to the Checkov team, CI/CD security policies are particularly needed to prevent supply chain attacks. They explained that CI/CD pipelines that aren't properly secured provide attackers with an easy entry point into the software supply chain.

For example, a repository configured to run any command in a pull request could be manipulated by injecting code that sends API tokens and other secrets to the attacker, the team explained.
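As an added illustration of the failure mode above (not Checkov's own code or check IDs), here is a small policy check in the spirit of Checkov's CI/CD rules that flags GitHub Actions jobs where a pull request author can influence the commands the runner executes. The two workflows are constructed samples supplied as already-parsed dicts, and the list of PR-controlled expression contexts is an assumption drawn from GitHub's documentation.

```python
import re

# Expression contexts an external pull request author controls (assumed list,
# based on GitHub's documentation on script injection in workflows).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(event\.pull_request\.(title|body|head\.ref|head\.label)"
    r"|head_ref|event\.comment\.body)\s*\}\}"
)

def find_findings(workflow):
    """Return (job_name, reason) tuples for risky settings in one parsed workflow."""
    findings = []
    on = workflow.get("on", {})
    triggers = on if isinstance(on, (list, dict)) else [on]
    # pull_request_target runs with the base repo's secrets, so combining it with
    # a checkout of the PR's own code hands those secrets to untrusted code.
    privileged_trigger = "pull_request_target" in triggers
    for job_name, job in workflow.get("jobs", {}).items():
        for step in job.get("steps", []):
            if UNTRUSTED.search(step.get("run", "")):
                findings.append((job_name, "PR-controlled input interpolated into a shell command"))
            uses = step.get("uses", "")
            ref = step.get("with", {}).get("ref", "")
            if privileged_trigger and uses.startswith("actions/checkout") and "github.event.pull_request" in ref:
                findings.append((job_name, "pull_request_target checks out PR head while secrets are available"))
    return findings

# Constructed sample: weak setting, PR title is spliced into the shell and PR code
# is checked out under a privileged trigger.
WEAK = {"on": {"pull_request_target": {}}, "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
    {"uses": "actions/checkout@v4", "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
    {"run": "echo \"Testing ${{ github.event.pull_request.title }}\"\nmake test"}]}}}

# Constructed sample: corrected setting, unprivileged trigger and the title is
# passed through an environment variable instead of being interpolated.
HARDENED = {"on": {"pull_request": {}}, "jobs": {"test": {"runs-on": "ubuntu-latest", "steps": [
    {"uses": "actions/checkout@v4"},
    {"env": {"PR_TITLE": "${{ github.event.pull_request.title }}"},
     "run": "echo \"Testing $PR_TITLE\"\nmake test"}]}}}

if __name__ == "__main__":
    for name, wf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, find_findings(wf))
```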
