CI/CD pipelines are security-critical: they hold access to source code, credentials, and production deployment. A compromised pipeline can be catastrophic, because it becomes a supply chain attack vector. Securing a pipeline means protecting its secrets, the pipeline definition itself, its dependencies, and the artifacts it produces.
Why pipeline security is critical
Pipelines are a HIGH-VALUE TARGET — they have powerful access:
→ SOURCE CODE, deployment CREDENTIALS, production ACCESS, secrets
→ a compromised pipeline can inject malicious code into your software (SUPPLY CHAIN
ATTACK — affecting all your users) or steal credentials/deploy malicious versions
→ Real, serious attacks (SolarWinds, etc.) targeted build/CI systems.
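Two of the areas listed above, the pipeline definition and its dependencies, can be checked mechanically before a workflow runs. The following is an added example and not code from the original page: a small Python checker for a GitHub Actions workflow that flags third-party actions not pinned to a full 40-character commit SHA (a mutable tag or branch is a dependency someone else can repoint, which is exactly how malicious code gets injected into a build) and jobs without an explicit least-privilege `permissions:` block. The workflow text, job names, action names and the SHA are constructed placeholders, and the parser is deliberately line-based, assuming the two-space indentation shown rather than doing a full YAML parse.

```python
import re

# Constructed sample workflow (placeholder names and SHA, not from the original page).
# The "build" job uses mutable refs and no permissions block; "release" is pinned
# and scoped.
SAMPLE_WORKFLOW = """\
name: build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/setup-tool@main
      - run: ./build.sh
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: ./release.sh
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # full commit SHA, immutable
USES_RE = re.compile(r"^\s*-\s*uses:\s*([^\s#]+)")  # "- uses: owner/repo@ref"
JOB_RE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")    # job key at two-space indent


def check_workflow(text):
    """Return a list of (job, message) findings for an Actions workflow."""
    findings = []
    in_jobs = False
    current_job = None
    jobs = []
    jobs_with_permissions = set()
    top_level_permissions = False

    for line in text.splitlines():
        if line.startswith("permissions:"):
            top_level_permissions = True   # workflow-wide scope applies to all jobs
        if line.startswith("jobs:"):
            in_jobs = True
            continue
        if in_jobs:
            m = JOB_RE.match(line)
            if m:
                current_job = m.group(1)
                jobs.append(current_job)
                continue
            if current_job and line.startswith("    permissions:"):
                jobs_with_permissions.add(current_job)

        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            action, _, version = ref.partition("@")
            if action.startswith("./") or action.startswith("docker://"):
                continue  # local or container refs follow different pinning rules
            if not SHA_RE.match(version):
                findings.append((current_job, f"{ref}: not pinned to a full commit SHA"))

    for job in jobs:
        if job not in jobs_with_permissions and not top_level_permissions:
            findings.append((job, "no explicit permissions block; GITHUB_TOKEN gets default scopes"))
    return findings


if __name__ == "__main__":
    for job, msg in check_workflow(SAMPLE_WORKFLOW):
        print(f"[{job}] {msg}")
```

Run against the sample, the checker reports three findings, all in the `build` job: the two actions referenced by tag or branch, and the missing `permissions:` block. The `release` job passes because its action is SHA-pinned and its token is scoped to `contents: read` plus `id-token: write`. Pinning fixes the dependency, not the trust decision: the SHA still has to come from a version you have reviewed.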
