From securityboulevard.com
One of the main contributors to the weak security posture of development environments is the complexity and knowledge gap created by the number of tools and services involved in this process. With more than a hundred CI/CD tools to choose from and hundreds of plugins and services connected to those tools, no wonder security teams are having a hard time keeping tabs on the amount of information and staying on top of the security requirements of these environments.
It is not rare to see a CI/CD pipeline which includes 10 to 20 different tools and services; some of these cloud-based, others open source tools with a variety of plugins installed. It is impossible to manually keep track of this complexity, and it often results in an exposure of your environment, code, secrets and network through those tools and plugins’ vulnerabilities.