Benchmark: 2.3 Pipeline Instructions
This section consists of security recommendations for pipeline instructions and commands.
Pipeline instructions take raw source code files and run a series of tasks on them to produce a final artifact as output. They are most often written by third-party developers, so they should be treated carefully, and they can be vulnerable to attack in certain situations. Pipeline instruction files are considered very sensitive, and it is important to secure every aspect of them: instructions, access, etc.
Browse dashboards and select 2.3 Pipeline Instructions:
Or run the benchmarks in your terminal:
steampipe check github_compliance.benchmark.cis_supply_chain_v100_2_3
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share github_compliance.benchmark.cis_supply_chain_v100_2_3
- 2.3.1 Ensure all build steps are defined as code
- 2.3.5 Ensure access to build process triggering is minimized
- 2.3.7 Ensure pipelines are automatically scanned for vulnerabilities
- 2.3.8 Ensure scanners are in place to identify and prevent sensitive data in pipeline files