all InfoSec news
From Theory to Practice: Navigating NIST’s CI/CD Security Strategies
Security Boulevard securityboulevard.com
On August 30, 2023, NIST published SP 800-204D, an Initial Public Draft (IPD) Named: “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD pipelines”. The publication takes the SSDF's high-level policies and sets a guideline for how to comply to them using CI/CD pipelines. With this, you can automate the process of compliance, guarantee that all artifacts that went through the pipelines are compliant, and make the process as zero-trust as possible.
This blog post delves …
august cd pipelines cd security devsecops explainers high integration nist pipelines policies practice public security security strategies software software supply chain software supply chain security strategies supply supply chain supply chain security theory