DevSecOps

CI/CD Security Best Practices

Your deployment pipeline is a high-value target. Learn how to harden it against attacks.

01. What is CI/CD Security?

CI/CD security involves protecting the automated processes of building, testing, and deploying software. A compromised pipeline can allow attackers to inject malicious code directly into production.

02. Secret Management

Secrets such as API keys and database credentials should never be stored in plain text, whether in source code, build scripts, or pipeline configuration. Keep them in a secret store and inject them into the job at runtime, so they exist only in the environment of the build that actually needs them.

FAQ

Should I store API keys in my repo?

No. Never store secrets in your source code. Use environment variables or a dedicated secret manager like HashiCorp Vault or GitHub Secrets.
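The advice in the Secret Management section and in this FAQ answer can be enforced mechanically in a pipeline. The Python below is an added example written for this page, not code from the article or from HashiCorp Vault, GitHub Secrets or any other tool it names. It shows the two halves of the practice: a small pre-commit style scanner that flags credentials that look hardcoded in a file, and a fail-closed loader that reads secrets from the environment the CI runner populated and refuses to continue when one is missing. The pattern set, the function names, the environment variable names and the sample file contents are all constructed assumptions for the example; real scanners carry far larger rule sets.

```python
"""Added example (not from the original article): two sides of secret management.

1. scan_for_secrets: a pre-commit style check that flags lines that look like
   they contain a hardcoded credential, so the secret never reaches the repo.
2. load_secret / missing_secrets: a fail-closed runtime loader that reads
   secrets from the environment the CI runner injected from a secret store.

The patterns, names and sample file contents are constructed for this example.
"""
import os
import re
from typing import Dict, List, Optional, Tuple

# Credential shapes to look for. Constructed for this example; production
# scanners (gitleaks, trufflehog, ...) ship many more rules than these.
SECRET_PATTERNS: Dict[str, "re.Pattern"] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # A long string literal assigned to a secret-looking variable name.
    "generic_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}

# Constructed sample file: the first assignments are what must not be
# committed; the last line is the hardened form that reads from the environment.
SAMPLE_CONFIG = """\
# constructed sample: what NOT to commit
DB_HOST = "db.internal.example"
API_KEY = "example-hardcoded-key-0123"
aws_key = "AKIAIOSFODNN7EXAMPLE"
# constructed sample: the hardened form reads from the environment instead
API_KEY_FROM_ENV = os.environ["API_KEY"]
"""


def scan_for_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, pattern_name) for every line that looks like it
    holds a hardcoded credential. Works on file contents only, so it can be
    wired into a pre-commit hook or a CI lint step without touching git."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


class MissingSecretError(RuntimeError):
    """Raised when a required secret is absent or empty at runtime."""


def load_secret(name: str, env: Optional[Dict[str, str]] = None) -> str:
    """Read a secret from the environment (e.g. injected by the CI runner from
    a secret store). Fails closed: an absent or blank value is an error, never
    a silently used default. `env` exists so the function can be exercised
    without modifying the real process environment."""
    source = os.environ if env is None else env
    value = source.get(name, "")
    if not value.strip():
        raise MissingSecretError(f"required secret {name!r} is not set")
    return value


def missing_secrets(required: List[str], env: Optional[Dict[str, str]] = None) -> List[str]:
    """Names of required secrets that are not usable. A job can call this
    first and fail before it does any work with a half-configured environment."""
    missing = []
    for name in required:
        try:
            load_secret(name, env)
        except MissingSecretError:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for lineno, rule in scan_for_secrets(SAMPLE_CONFIG):
        print(f"line {lineno}: possible hardcoded secret ({rule})")
    print("missing at runtime:", missing_secrets(["API_KEY", "DB_PASSWORD"], {"API_KEY": "x"}))
```

The scanner is deliberately a fail-fast gate rather than a cleanup tool: once a credential has been pushed it must be treated as exposed and rotated, because removing it from a later commit does not remove it from history. The loader's blank-value check matters in CI specifically, since an unset secret in a workflow often arrives as an empty string rather than an error.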

What is DAST vs SAST?

SAST (Static Analysis) scans your source code for vulnerabilities, while DAST (Dynamic Analysis) tests your running application from the outside.
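To make the SAST/DAST contrast concrete, here is an added example written for this page (not code from the article or from any scanner it might refer to) that implements a minimal version of each in Python. The static side parses source text with the standard `ast` module, never executing it, and flags `subprocess` calls made with `shell=True`. The dynamic side starts a tiny local web application, sends it a real HTTP request, and reports which security headers the live response lacks. The sample source, the toy application, the header list and the function names are all constructed for the example.

```python
"""Added example (not from the original article): a minimal SAST check and a
minimal DAST check side by side.

SAST = inspect source without running it (here: find calls with shell=True).
DAST = talk to the running application (here: probe a local toy server and
list the security headers its response is missing).
Sample source, toy app and header list are constructed for this example.
"""
import ast
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import List, Tuple

# ---- SAST: static inspection of source text ---------------------------------

# Constructed sample program under review; only the first call is unsafe.
SAMPLE_SOURCE = '''\
import subprocess

def run_report(name):
    # shell=True with string-built input: flagged by the static check
    return subprocess.run("report --name " + name, shell=True)

def run_safe(name):
    return subprocess.run(["report", "--name", name])
'''


def sast_find_shell_true(source: str) -> List[Tuple[int, str]]:
    """Walk the syntax tree and return (line, callee) for every call passing
    shell=True. Nothing is executed; the program is examined as text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, ast.unparse(node.func)))
    return findings


# ---- DAST: probing a running application ------------------------------------

# Headers the probe expects on a hardened response (constructed list).
EXPECTED_HEADERS = ["Content-Security-Policy", "X-Content-Type-Options",
                    "Strict-Transport-Security"]


class ToyApp(BaseHTTPRequestHandler):
    """Constructed target: answers 200 with a body and no security headers."""

    def do_GET(self):
        body = b"<html><body>hello</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo's output quiet
        pass


def dast_missing_headers(host: str, port: int, path: str = "/") -> List[str]:
    """Send a real request to the running app and return the expected
    security headers that the response does not carry."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return [h for h in EXPECTED_HEADERS if resp.getheader(h) is None]
    finally:
        conn.close()


def run_dast_demo() -> List[str]:
    """Start the toy app on an ephemeral loopback port, probe it, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), ToyApp)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        return dast_missing_headers("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("SAST findings (line, callee):", sast_find_shell_true(SAMPLE_SOURCE))
    print("DAST missing headers:", run_dast_demo())
```

The two checks see different things: the SAST rule finds the risky call even though the toy server never executes it, and the DAST probe finds the missing headers even though nothing in the source text mentions headers at all. That is why a pipeline typically runs both, static checks on every commit and dynamic checks against a deployed test environment.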