Software developers face continuous pressure to push out software at high velocity. CI/CD pipelines can automate secure software development with scheduled updates and built-in security checks. But major data breaches in recent months have demonstrated a significant and growing risk to the pipeline. Verizon’s 2020 Data Breach Investigations Report found that one-third of data breaches originate from insider actors. Another significant threat to the software supply chain is unpatched vulnerabilities in code. Attackers search for vulnerabilities in open-source code.
Source: https://www.helpnetsecurity.com/2021/04/01/ci-cd-pipelines/

