Compliance > Software Supply Chain > CIS 1.0 > Build Pipelines >

Build Instructions

N/A

Source

Chain Bench

ID

2.3

Version

cis-1.0

2.3 Build Instructions

2.3.1 Ensure all build steps are defined as code

Recommended Action

Convert pipeline instructions into code-based syntax, and upload them to the organization’s version control platform.

2.3.5 Ensure access to the build process’s triggering is minimized

Recommended Action

For every pipeline in use, grant only the necessary members permission to trigger it.

2.3.7 Ensure pipelines are automatically scanned for vulnerabilities

Recommended Action

For each pipeline, set automated vulnerabilities scanning.

2.3.8 Ensure scanners are in place to identify and prevent sensitive data in pipeline files

Recommended Action

For every pipeline that is in use, set scanners that will identify and prevent sensitive data in it.

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2023 Aqua Security Software Ltd. Privacy Policy | Terms of Use