all InfoSec news
Securing your Kubernetes workloads with Sigstore
DEV Community dev.to
Date: 2023-07-20
Consider your typical CI/CD pipeline as shown below. What are some of the issues associated with the DevOps workflow below, if any?
The main issue is that security measures are not integrated into the pipeline as a first-class citizen. Let's assume the best case where the Kubernetes cluster hosting the production workloads is reasonably secured as an afterthought. In this case, a malicious actor seeking to compromise the cluster might, failing to gain access to the nodes themselves, …
case cd pipeline class cluster containers devops hosting issue kubernetes main pipeline security sigstore workloads