CI/CD Security Best Practices [Cheat Sheet]

Download Cheat Sheet

歩 1 の 3

Key Takeaways
  • reportTop 10 CI/CD security risks and best practicesBreakdown of each risk, practical tips to address it, and explanation of how Wiz can help.
  • lockHow to fix insufficient flow control mechanismsUsing solid guardrails at the workflow level to protect your business.
  • personControlling inadequate identity and access managementHow to enforce a strict least-privilege model to ensure you avoid over-privileged credentials.

This cheat sheet is designed for:

  • Product security and DevSecOps engineers and architects securing pipelines from commit to deploy

  • AppSec teams already addressing risks in code and looking to enhance pipeline security

  • SecOps and IR teams investigating threats in CI/CD environments and tools

What's included?

  • A breakdown of the OWASP Top 10 CI/CD security risks

  • Step-by-step mitigations for each, from branch protection to ephemeral credentials

  • Examples of real-world breaches and how to avoid them

  • How Wiz detects and blocks misconfigurations, exposed secrets, untrusted third-party services, and supply chain attacks

  • Advanced defenses and controls to comply with OWASP’s recommendations

パーソナライズされたデモを見る

実際に Wiz を見てみませんか?​

"私が今まで見た中で最高のユーザーエクスペリエンスは、クラウドワークロードを完全に可視化します。"
デビッド・エストリックCISO (最高情報責任者)
"Wiz を使えば、クラウド環境で何が起こっているかを 1 つの画面で確認することができます"
アダム・フレッチャーチーフ・セキュリティ・オフィサー
"Wizが何かを重要視した場合、それは実際に重要であることを私たちは知っています。"
グレッグ・ポニャトフスキ脅威および脆弱性管理責任者