CI/CD Pipeline
Improvement
why
Owning an automated, bullet-proof CI/CD pipeline is a vital foundation of a secure and reliable architecture. An automated pipeline minimizes human errors and enforces quality and security checks when deploying code. A proper automated pipeline leads to faster releases, increases developer velocity, and simplifies maintenance and updates of customers' workloads. It is the foundation for security automation.
what
Alice&Bob.Company provides the CI/CD pipeline as a managed service. It gives clients visibility and control inside and outside their CI/CD pipeline and increases code quality, leading to cost reductions and an increasing ROI. A&B considers the CI/CD pipeline the technical heart of the DevSecOps approach.
In order to provide the pipeline(s) as a managed service, A&B creates, automates, manages and continuously optimizes the clients' CI/CD pipelines. This covers infrastructure, application and security.
Alice&Bob.Company develops a consistent process and continuously implements technical elements, i.e.
- security steps like code analysis,
- security/CVE checks,
- dependency checks,
- comprehensive release steps containing pre-commit checks,
- reviewed merge requests and
- controlled commits individually tailored to the toolchain used by the client (e.g. GitLab, AWS Developer Tools, ...)
Additionally, A&B integrates AWS specific services, including
- AWS Config,
- AWS GuardDuty and/or
- Amazon Security Hub.
how
Alice&Bob.Company analyzes the customer's deployment processes and their requirements and develops a CI/CD pipeline architecture that takes your organizational, procedural and technical conditions into account. A&B creates, optimizes, automates and implements security in targeted CI/CD pipelines.
A&B's course of action consists of the following steps:
- CI/CD Pipeline Assessment and comparison to best practices
- Creating and adapting the pipeline in regard to defined best practices
- Monitoring the CI/CD Pipeline for 12 consecutive months after go-live
CI/CD Pipeline Assessment
During the assessment, A&B runs a workshop focusing on the individual stages of your software delivery. Information about the pipeline's state, its challenges and requirements is uncovered and gathered by combining interviews and checklists with code and data analysis.
Outcomes will be compared to best practices and presented in a report together with recommendations for optimization.
Pipeline Creation
Building upon the assessment's results, A&B optimizes an existing pipeline or creates a new pipeline with the goal of delivering a fully managed build service with integrated, comprehensive security checks. A&B prefers to use AWS services (AWS CodeBuild, AWS CodeDeploy); nonetheless, A&B is open to other solutions.
Monitoring
After provisioning the pipeline, A&B monitors the CI/CD pipeline itself as well as code that’s actively being deployed. A&B constantly checks the pipeline and its components for:
- Unauthorized access and violation of privileges
- Suspicious behaviour
- Misconfiguration
- Performance metrics
- Code quality scans (dynamic and static)
Monitoring will be made accessible and regular reports will be generated. Findings will be rated and described in a consolidated report. A&B optionally provides resolution measures after consultation.
YOUR BENEFITS
Main advantages of performing CI/CD pipeline improvement with A&B:
- You take care of your product. We take care of implementing security-as-code in your pipelines. Continuously and managed.
- If necessary, we help you to build highly scalable and automated pipelines. If not, we help you to optimize.
- Don't let security slow you down. Ship your software fast and secure!
Continuous Penetration Testing
Minimize the risk of application vulnerabilities by combining manual and continuously automated penetration testing for your web applications and APIs.
Cloud Security Posture Management
Keep visibility and enforce security across public cloud accounts, possibly across multiple public cloud vendors, with the right tools: make use of a managed Cloud Security Posture Management (CSPM) service by Alice&Bob.Company.
Managed Container & Serverless Security
Have you heard about Kubernetes Security Posture Management (KSPM)? Keep a clear view on your Cloud and Serverless Security with A&B’s Managed Container & Serverless Security.
Managed Perimeter Protection
Protect your publicly accessible websites, e-commerce platforms, IoT and IIoT applications and other dynamic web applications against abuse of bugs, vulnerabilities and Distributed Denial of Service (DDoS) attacks. The team of A&B and AWS gives you a peaceful sleep.
Cloud Security Trainings
Never stop learning! The cloud never stops teaching! As of Jan 2021, AWS consists of more than 199 ready-to-use services. 45+ of those are security related. Let us help to enable and educate your team(s) with an individual training plan over a timeframe of 6 to 24 months.
Security Champions Program
Security Chaos Engineering Program
Transfer the disruptive operational method of chaos engineering, developed initially by Netflix, to cloud security. We accompany your team(s) over the course of 12 months to establish the concepts and culture of Security Chaos Engineering (SCE).
Custom Tailored Managed Service
Is there anything you need that we haven’t covered? We are always curious and eager to learn about your requirements. And maybe we will develop a new Cloud Security Managed Service together.