Problem Statement
What types of security testing should be included in CI/CD pipelines?
Explanation
Security testing in CI/CD includes multiple layers. SAST (Static Application Security Testing) analyzes source code for vulnerabilities such as SQL injection, XSS and insecure cryptography. Tools: SonarQube, Snyk Code, Semgrep. DAST (Dynamic Application Security Testing) tests the running application: OWASP ZAP, Burp Suite. Dependency scanning detects vulnerable libraries: Snyk, Dependabot, npm audit. Container scanning finds vulnerabilities in Docker images: Trivy, Aqua, Clair.
Secrets detection prevents committing passwords, API keys, tokens: GitGuardian, git-secrets, detect-secrets. License compliance ensures dependencies have acceptable licenses. Infrastructure scanning validates Terraform/CloudFormation: Checkov, tfsec. Comprehensive security testing provides defense in depth.
CI/CD integration: run SAST on every commit, a dependency scan whenever dependencies change, DAST on the staging deployment, and a container scan before pushing images. Fail builds on critical vulnerabilities. Understanding these testing types enables a shift-left security approach.
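As an added example (not from the original page), a GitHub Actions workflow that wires the scanners named above into the stages just described. It assumes a Node.js project with a Dockerfile at the repository root, Terraform under infra/, an existing detect-secrets baseline file, and a deployment event whose target_url points at the staging environment.

```yaml
name: security-gates
on:
  push: { branches: [main] }
  pull_request:
  deployment_status:          # fires when the staging environment is deployed

jobs:
  sast-secrets-iac:           # every commit: static analysis, secret detection, IaC checks
    if: github.event_name != 'deployment_status'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 2 }
      - run: pip install semgrep detect-secrets checkov
      - run: semgrep --config auto --error .                 # --error: exit 1 on findings
      - run: detect-secrets-hook --baseline .secrets.baseline $(git ls-files)  # baseline assumed
      - run: checkov -d infra/                               # Terraform under infra/ (assumed)

  dependencies:               # only when the lockfile changed in this commit
    if: github.event_name != 'deployment_status'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 2 }
      - run: |
          if git diff --name-only HEAD~1 HEAD | grep -qx 'package-lock.json'; then
            npm ci --ignore-scripts
            npm audit --audit-level=critical                 # non-zero only on critical advisories
          fi

  container:                  # scan the image before anything pushes it
    if: github.event_name != 'deployment_status'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t app:${{ github.sha }} .
      - run: |
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy image --exit-code 1 --severity CRITICAL app:${{ github.sha }}
      # docker push would follow here and is only reached when Trivy exits 0

  dast:                       # after a successful staging deployment
    if: github.event_name == 'deployment_status' && github.event.deployment_status.state == 'success'
    runs-on: ubuntu-latest
    steps:
      - run: |
          docker run --rm ghcr.io/zaproxy/zaproxy:stable \
            zap-baseline.py -t "${{ github.event.deployment_status.target_url }}"
```

Each job fails the workflow through the scanner's own exit code, so the "fail builds on critical vulnerabilities" rule is enforced by the tools rather than by post-processing their reports.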
