CI/CD Security Best Practices [Cheat Sheet]

This cheat sheet is designed for:

  • Product security and DevSecOps engineers and architects securing pipelines from commit to deploy

  • AppSec teams already addressing risks in code and looking to enhance pipeline security

  • SecOps and IR teams investigating threats in CI/CD environments and tools

What's included?

  • A breakdown of the OWASP Top 10 CI/CD security risks

  • Step-by-step mitigations for each, from branch protection to ephemeral credentials

  • Examples of real-world breaches and how to avoid them

  • How Wiz detects and blocks misconfigurations, exposed secrets, untrusted third-party services, and supply chain attacks

  • Advanced defenses and controls to comply with OWASP’s recommendations

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David Estlick, CISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam Fletcher, Chief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg Poniatowski, Head of Threat and Vulnerability Management