Why you should add security at the very start of your CI/CD pipeline

Would you give root access to anybody on your system? Neither would I. That is one reason to take a close look at your systems and everything connected to them. Read how to shift security all the way to the left, starting with the developer.

For several years now, we have seen an ever-increasing shift from classic, monolithic application development to cloud-based architectures built on microsegmentation, container technology and Kubernetes. As with every technology change, security is often implemented only at the end, if at all. Security is supposedly inconvenient and not sexy enough, and the new MVP should have been released yesterday.

But what many people don't know is that in the world of containers it is not only the program code that has to be written differently. After all, we give developers virtually full access to the system! I have never seen an administrator who willingly gives all developers root access to his machines without signing a 100-page form in blood. So why should we suddenly do this for containers?