CI/CD
CI/CD is the overarching framework for automating builds, verification, and deployment. A good pipeline provides traceability, quality assurance, and controlled rollout across environments.
Once the solution is designed and the code is written, it's "just" about deploying, and then we're done, right? We often use CI/CD solutions to build and deploy, run tests, and much more. If someone can compromise the pipelines, the build agent that builds the solution, or the connection to the resources we deploy to, we will have major problems.
Even though it's challenging to cover everything in a few short articles, we still try to provide insights into the issues that delivery teams should address.
Building is about producing a reproducible artifact that can be verified and trusted before deployment. Build environment, dependencies, and signing are critical control points.
Deployment is about controlled movement of a verified artifact to runtime environments. The goal is safe rollout, fast rollback, and predictable operations.
Penetration testing, often referred to as pentesting, is the art of testing a system to find weak points that can be exploited and the risk these weaknesses pose to the owner of the solution.