Why the CI/CD pipeline is vulnerable to attack [Q&A]

Recent high-profile supply chain attacks such as SolarWinds have highlighted how vulnerable the software development pipeline can be. To find out more about why the CI/CD pipeline is particularly vulnerable to attacks and what can be done to prevent them, we spoke to Vickie Li, developer evangelist at ShiftLeft, which has just launched a new product, ShiftLeft CORE, aimed at reducing risk to the software code base. BN: What is CI/CD? How does it differ from the CI/CD pipeline? VL: Continuous Integration (CI) and continuous delivery/deployment (CD) enables developers to deliver software changes more frequently, seamlessly, and safely. The CI/CD… [Continue Reading]