Secure SDLC & DevSecOps Pipeline Hardening
Controls Checklist
- Branch protection: required reviews (including from code owners), required status checks that must pass before merge, signed commits, and no force-pushes to protected branches.
- Isolated builds: ephemeral, single-use runners; network egress allowlists so a compromised build step cannot exfiltrate or fetch arbitrary payloads; secretless builds that use short-lived, workload-identity credentials instead of long-lived stored secrets.
- Artifact integrity: generate an SBOM, attach SLSA provenance, and sign containers and packages; signatures and provenance are only worth producing if they are verified at admission or deploy time.
- Policy-as-code: run IaC checks before merge on the rendered plan, not just the source; deny the merge on any critical violation and report the rest.
- Secrets: inject at deploy time rather than baking into images; rotate via a vault; mask secrets in CI output and fail the build if plaintext credentials appear in logs or the repository.
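The policy-as-code item is the one most often implemented as a hand-rolled script before a team adopts OPA/Conftest or similar, so here is a worked pre-merge gate as an added example (not code from the original page or any named project). It evaluates a Terraform JSON plan in the `terraform show -json` shape (`resource_changes[].change.after`) against a few rules, skips resources being deleted, and denies the merge when any CRITICAL finding is present. The rule names, the severity scale, the `gate` helper and the sample plan are all assumptions constructed for this example.

```python
"""Pre-merge IaC policy gate: evaluate a Terraform JSON plan and deny on CRITICAL findings.

Added example, not from the original page. Rule names, severities and the
sample plan below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

CRITICAL, HIGH, MEDIUM = "CRITICAL", "HIGH", "MEDIUM"


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    address: str
    detail: str


def _open_to_world(cidrs):
    """True if any CIDR in the list covers the whole IPv4 or IPv6 space."""
    for cidr in cidrs or []:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # unparseable CIDRs are not treated as world-open
        if net.prefixlen == 0:
            return True
    return False


def check_security_group(address, after):
    """Flag ingress rules reachable from 0.0.0.0/0 or ::/0; admin ports are CRITICAL."""
    findings = []
    for rule in after.get("ingress") or []:
        if not _open_to_world(rule.get("cidr_blocks")):
            continue
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
        detail = f"ports {lo}-{hi} open to the world"
        if lo <= 22 <= hi or lo <= 3389 <= hi:  # SSH / RDP exposed publicly
            findings.append(Finding("sg-admin-port-world", CRITICAL, address, detail))
        else:
            findings.append(Finding("sg-ingress-world", HIGH, address, detail))
    return findings


def check_s3_bucket(address, after):
    """Flag public ACLs (CRITICAL) and missing server-side encryption (MEDIUM)."""
    findings = []
    acl = after.get("acl")
    if acl in ("public-read", "public-read-write"):
        findings.append(Finding("s3-public-acl", CRITICAL, address, f"acl={acl}"))
    if not after.get("server_side_encryption_configuration"):
        findings.append(Finding("s3-no-sse", MEDIUM, address, "no server-side encryption block"))
    return findings


# Hypothetical rule table: Terraform resource type -> check function.
CHECKS = {
    "aws_security_group": check_security_group,
    "aws_s3_bucket": check_s3_bucket,
}


def evaluate_plan(plan):
    """Run every applicable check over resources that will exist after apply."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if change.get("actions") in (["delete"], ["no-op"]):
            continue  # deleted or untouched resources cannot introduce a new violation
        check = CHECKS.get(rc.get("type"))
        if check:
            findings.extend(check(rc.get("address", "?"), change.get("after") or {}))
    return findings


def gate(plan, deny_on=(CRITICAL,)):
    """Return (allowed, findings); allowed is False if any finding's severity is in deny_on."""
    findings = evaluate_plan(plan)
    return not any(f.severity in deny_on for f in findings), findings


# Constructed sample plan (not a real deployment): one SG with SSH and HTTPS open to
# the world, one bucket without SSE, and one public bucket that is being deleted.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 8080, "to_port": 8080, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]},
         ]}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["update"], "after": {"acl": "private", "bucket": "example-logs"}}},
        {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"], "before": {"acl": "public-read"}, "after": None}},
    ],
}

if __name__ == "__main__":
    allowed, found = gate(SAMPLE_PLAN)
    for f in found:
        print(f"[{f.severity}] {f.rule} {f.address}: {f.detail}")
    raise SystemExit(0 if allowed else 1)  # non-zero exit fails the required status check
```

Wire it in as a required status check on the protected branch: the script's exit code, not its log output, is what blocks the merge, and running it against the rendered plan rather than the `.tf` source means module defaults and variable overrides are evaluated as they will actually apply.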