CI/CD Cybersecurity SIG from The Continuous Delivery Foundation
This CI/CD Cybersecurity Guide was put together by the Continuous Delivery Foundation’s CI/CD Cybersecurity SIG, which plays a pivotal role in advancing CI/CD security and supporting organizations in meeting modern cybersecurity demands. The group focuses its efforts on integration frameworks, best practices, and emerging tooling to address the critical need to embed security into every stage of the CI/CD pipeline, ensuring a resilient and secure software development lifecycle.
Three Cybersecurity Phases
The CI/CD Cybersecurity Guide is segmented into three major chapters:
- Post Deploy
Building security into Post Deploy steps such as testing, SBOM generation, and continuous vulnerability management.
Contribute to the Guide
Join us and bring your knowledge to build cybersecurity into CI/CD workflows.
- Join the GitHub Repository: Add your name to the Read.me.
- Add yourself to the Mailing List: Sign up to be notified of meetings and events.
- Join the CDF Slack Channel: Join the CDF Slack Channel and the sig-cicd-cybersecurity thread for daily information.
- Attend a Meetup or Event: Join or start a Meetup in your local area. Bring this discussion to a Jenkins Meetup. Submit a talk at other Linux Foundation events.
About the CD Foundation
The Continuous Delivery Foundation (CDF) serves as the vendor-neutral home of many of the fastest-growing projects for continuous integration/continuous delivery (CI/CD). It fosters vendor-neutral collaboration between the industry’s top developers, end users and vendors to further CI/CD practices and industry specifications. Its mission is to grow and sustain projects that are part of the broad and growing continuous delivery ecosystem. The CDF is part of the Linux Foundation (https://www.linuxfoundation.org/), home to both the CNCF and OpenSSF.