The CI/CD pipeline
1. The CI/CD pipeline
Do you like making things simpler? Me too. Let’s explore some ways that software pipelines solve a lot of the complications that arise from a traditional software development framework. In this video, you’ll be introduced to the most commonly applied pipeline methodology: the continuous integration and continuous delivery, also known as CI/CD pipeline. CI/CD pipelines are a valuable approach to automating build, validation, and deployment processes. What does CI/CD mean? Simply put, CI/CD is a process DevSecOps teams use to create software and automate updates. The first phase, CI, is where developers continuously create and update code that’s uploaded into a shared repository. For example, uploading the code automatically triggers a validation process, builds an image, and then stores the code in a repository. Automation is crucial. Everything from the build process to validation tests should be automated. Validation tests that detect broken code trigger an alert that flags developers’ attention immediately. The second phase, CD, actually has two meanings, the first being continuous delivery. Continuous delivery standardizes the continuous release of software builds to a staging or testing environment. Changes to code are automatically tested for bugs and merged into a repository. Like with continuous integration, automated tests validate any code or build updates. Once the build is ready for deployment, manual approval is required to push the updates to a production environment. The second meaning of CD is continuous deployment. Unlike continuous delivery, continuous deployment automatically deploys builds into a production environment in real time. Manual approval is not required for the updated software to be pushed out to end users. Continuous deployment can be thought of as an extension of continuous delivery. Although the processes are different, it’s helpful to know that you might hear these terms used interchangeably. The CI/CD pipeline has four key stages: source, build, test, and deploy. Continuous monitoring runs throughout each stage. Let’s take a look at each stage. In the source stage, developers compile their code into a shared repository. Each developer works solely on the source code in this repository to ensure consistency. The team monitors for any deviation from the source code. In the build stage, developers implement edits to the source code in the shared repository. This triggers a build. Once the build is complete, it continues to the test stage. Automated security tests check the new build’s integrity. If any bugs are found in the build’s code, the pipeline stops the process until developers fix the problem. Last, the software deploys to end users within minutes. The DevSecOps team continuously monitors user feedback to quickly implement new features or improvements to the software. Why is CI/CD an invaluable approach to software development? One key benefit is that it minimizes downtime and reduces interruptions caused by human error. With automation built into the process and the application of continuous deployment, there’s no additional time waiting for manager approvals. The less a development team needs to manually touch the code, the less likely it is that unintentional errors will occur. Another important benefit of using a CI/CD pipeline is that it gets updates to apps and users faster. Users don’t have to wait for new releases or for bugs to be fixed. Once the developer has committed changes to the code in the repository, the update is well on its way to automated deployment. Now that you have the basics down, let’s consider security’s role in the CI/CD methodology. When planning your pipeline, there are certain points where you can incorporate security checks throughout the development lifecycle. Next, let’s cover some example places to add security checks during the first few phases. In the source stage, the source code is scanned, which triggers a build. In the build stage, the image is scanned for vulnerabilities and checked against policies. If the build passes this step, it continues to the image repository. Once in the repository, security measures can include applying IAM permissions to access the images, and incorporating regular scanning to identify vulnerabilities. The test stage detects any vulnerabilities and should trigger patching and redeployment. The image undergoes another cycle of vulnerability testing and checks the build’s integrity before deployment. The image undergoes another cycle of vulnerability and integrity testing before it’s released in the deploy stage. Another security measure includes only limiting service accounts access to deploy builds, rather than individual human users. Recall that a service account is a non-human identity that is typically granted to virtual machines, applications, and services. Automation is a key part to each CI/CD stage because it helps the stages work more quickly, and with fewer errors. In this video, we covered how to integrate security throughout the CI/CD pipeline in order to reduce downtime and use automation to reduce interruptions caused by human error. Isn’t it nice when things go smoothly?2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.