Apr 09 · 2 min read
Today, CI/CD pipelines form the backbone of modern-day DevOps operations.
Over the past few years, the software development industry has pivoted to a continuous integration and delivery process (CI/CD) that offers application developers a faster and more automated way to develop, build, test, and deploy new software.
But these improvements come at a cost — CI/CD pipelines create a new attack surface for organizations introducing new security risks and challenges. The new process runs the company’s source code through a series of cloud-based services and open-source tools, all of which are now a part of its network.
In the past two years, we’ve seen dozens of security breaches and cyberattacks that exploit misconfigurations and vulnerabilities within development environments. Companies like SolarWinds, Microsoft, Mercedes, and many others fell victim to such attacks on their software supply chain.
Following the SolarWinds breach, Argon Security partnered up with Hyperwise Ventures, a leading cybersecurity VC to seek answers about the state of security of the development environments. In this global survey, we surveyed more than 200 security leaders regarding the security state of their software development environment and the risks and challenges they are facing.
The survey revealed that although 90% of the organizations rely on CI/CD pipelines for software delivery, using two or more tools, the level of confidence in the security of these development environments is very low. Additionally, 80% of leaders surveyed said they lack confidence in their ability to withstand an attack targeting their development environments.
The main risks highlighted in the survey from software supply chain breaches were:
Although the risks are top of mind, only 30% of people surveyed deploy dedicated protection on their CI/CD pipeline, but even then, it’s mainly using siloed point solutions.
When asked about the reason behind this gap, the security leaders raised three main recurring challenges:
Overall, there’s substantial agreement among security leaders that securing the CI/CD pipeline would improve their overall security posture. Most security leaders surveyed state that CI/CD security is in their plans for the next 24 months.
Argon provides security for CI/CD pipelines, eliminating the risk from misconfigurations and vulnerabilities in your DevOps environments. It provides a unified view of the entire development environment and enforces security best practices on all stages of the software delivery process, including real-time alerts and auto-remediation that minimize your exposure.
By Eran Orzel, Argon’s Chief Revenue Officer
What is GitLab GitLab is a free open-source service designed to manage and share code in a distributed version control…
The SolarWinds Attack Was the Industry’s Wakeup Call The new wave of software supply chain attacks that targeted SolarWinds, Codecov,…
Hardly a week goes by these days without hearing about a new supply chain attack. A recent headline featured yet…