An excellent page about CI/CD from Evan Grace (Tenable). See the full blog post in the link section.
IMO, so far this is the only article that explains what CI/CD is well. It prompted me to write a post about CI/CD for my own reference.
The post introduces Tenable Web Application Scanning, which requires some understanding of:
- What a CI/CD pipeline is
- How web application scanning works with CI/CD and version control
## Continuous Integration
Continuous Integration builds an application for testing and staging use.
It builds the application and runs tests on a schedule or after each code change.
Continuous integration involves:
- building and compiling the source code
- running simple application tests
- dynamic application security testing (DAST)
- software composition analysis (SCA)
- static application security testing (SAST)
Jenkins was the first major and widely adopted CI tool.
In short, CI saves the time otherwise spent manually handing out tasks for the various tests.
## Continuous Deployment
Continuous Deployment builds an application for production use rather than just for quick testing.
It automates the process of:
- deploying code from staging to production
- handling a roll-back if needed
In short, continuous deployment allows changes made in the source code to be sent to production automatically.
The purpose is to save the IT team the time spent changing live servers by hand.
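As an added example (not code from the original post or from Tenable's blog), here is a GitHub Actions workflow that strings the CI stages listed above (build, simple tests, SAST, SCA, DAST) into one job, and the Continuous Deployment stage into a second job that promotes the build to production and rolls back automatically when the post-deploy health check fails. The application layout (a Python web app with `requirements.txt` and `tests/`, serving on port 8000), the production URL, the `scripts/deploy.sh` and `scripts/rollback.sh` helpers and the pinned action versions are assumptions.

```yaml
# Added example, not from the original post or from Tenable. Assumptions: a
# Python web app with requirements.txt and tests/, an app module that serves on
# http://127.0.0.1:8000, and two hypothetical project scripts
# scripts/deploy.sh and scripts/rollback.sh.
name: ci-cd

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 3 * * *"   # nightly run, in addition to runs on every change

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      # 1. Build: install the application and its dependencies.
      - name: Build
        run: pip install -r requirements.txt

      # 2. Simple application testing.
      - name: Unit tests
        run: python -m pytest tests/

      # 3. SAST: scan the source for insecure patterns; --error fails the job on findings.
      - name: SAST (semgrep)
        run: |
          pip install semgrep
          semgrep --config auto --error .

      # 4. SCA: check the pinned dependencies against known-vulnerable versions.
      - name: SCA (pip-audit)
        run: |
          pip install pip-audit
          pip-audit -r requirements.txt

      # 5. DAST: start the app, then run the ZAP baseline scan against it.
      #    A non-zero exit (warnings or failures) fails the step.
      - name: DAST (OWASP ZAP baseline)
        run: |
          python -m app &          # hypothetical app module serving on port 8000
          sleep 5
          docker run --network host -t ghcr.io/zaproxy/zaproxy:stable \
            zap-baseline.py -t http://127.0.0.1:8000

  cd:
    needs: ci                       # only a build that passed every CI stage is deployed
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4

      # Promote the build from staging to production.
      - name: Deploy to production
        run: ./scripts/deploy.sh    # hypothetical project script

      # Verify the live service before declaring the deployment successful.
      - name: Health check
        run: curl --fail --silent https://app.example.com/healthz   # assumed URL

      # Roll back automatically when any earlier step in this job failed.
      - name: Roll back
        if: failure()
        run: ./scripts/rollback.sh  # hypothetical project script
```

The `needs: ci` dependency is what makes the security stages a gate rather than a report: a failing SAST, SCA or DAST step stops the `cd` job from running at all, and the `if: failure()` roll-back step is the automated roll-back the section above describes.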
## WebApp Scan
Tenable Web Application Scanning can run inside any CI/CD pipeline, including:
- Bamboo
- CircleCI
- GitHub Actions
- GitLab
- Jenkins
- Azure DevOps