CI/CD Pipeline 101

A CI/CD pipeline is where you combine version control (Git), continuous integration, and continuous deployment.

There is an excellent page about CI/CD from Evan Grace (Tenable). See the full blog post in the Links section.

IMO, so far this is the only article that explains CI/CD well. This made me write a post about CI/CD for my own reference.

The post is about introducing Tenable Web Application Scanning, which requires some level of understanding of:

  • What is a CI/CD pipeline?
  • How does web app scanning work with CI/CD and version control?

Continuous Integration

Continuous integration builds an application for testing and staging use. It builds the application and runs tests on a schedule or after the code changes.

Continuous integration involves:

  • Building and compiling the source code.
  • Running simple application tests.
  • Running dynamic application security testing (DAST).
  • Running software composition analysis (SCA).
  • Running static application security testing (SAST).

Jenkins was the first major, widely adopted CI tool.

In short, it saves the time otherwise spent manually assigning out tasks for multiple kinds of testing.

Continuous Deployment

Continuous deployment builds an application for production use rather than just for quick testing.

It automates the process of:

  • Deploying code from staging to production.
  • Handling the rollback if needed.

In short, continuous deployment allows changes made in the source code to be sent to production automatically. The purpose is to save the IT team the time spent changing live servers.
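
As an added illustration (not from the original post or from Tenable), the CI and CD steps described above could be laid out in a GitLab CI configuration as follows. The `./ci/*.sh` scripts and the `STAGING_URL` variable are hypothetical placeholders for whatever build, scan and deploy tooling a project uses.

```yaml
# .gitlab-ci.yml (added example; each ./ci/*.sh script is a hypothetical placeholder)
stages: [build, test, security, staging, dast, production]

build:
  stage: build
  script: ./ci/build.sh              # build and compile the source code
  artifacts:
    paths: [dist/]                   # hand the build output to later stages

unit-tests:
  stage: test
  script: ./ci/unit-tests.sh         # simple application testing

sast:                                # static analysis: needs only the source tree
  stage: security
  script: ./ci/sast.sh

sca:                                 # dependency analysis: runs in parallel with sast
  stage: security
  script: ./ci/sca.sh

deploy-staging:
  stage: staging
  script: ./ci/deploy.sh staging
  environment:
    name: staging

dast:                                # dynamic scan: needs the running staging app
  stage: dast
  script: ./ci/dast.sh "$STAGING_URL"   # STAGING_URL: assumed CI/CD variable

deploy-production:                   # reached only if every earlier stage passed
  stage: production
  script: ./ci/deploy.sh production
  environment:
    name: production
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

rollback-production:                 # started by hand when a release must be reverted
  stage: production
  script: ./ci/rollback.sh production
  environment:
    name: production
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: manual
      allow_failure: true
```

Because GitLab runs stages in order and stops at the first failed job, a failed SAST, SCA or DAST job keeps the change out of production.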

WebApp Scan

  • Tenable Web Application Scanning can scan any pipeline, including:
    • Bamboo
    • CircleCI
    • GitHub Actions
    • GitLab
    • Jenkins
    • Azure DevOps

Links
