Benchmark: 2.4 Pipeline Integrity
This section consists of security recommendations for keeping pipeline integrity.
Integrity means ensuring that the pipelines, the dependencies they use, and their artifacts are all authentic and what they intended to be. Securing the pipeline integrity is to verify that every change and process running during the build pipeline run is what it is supposed to be. One way to do that, for example, is to lock each dependency to a certain secured version. It is important to insist on securing that because this is the way to set trust with the customer.
Browse dashboards and select 2.4 Pipeline Integrity:
Or run the benchmarks in your terminal:
steampipe check github_compliance.benchmark.cis_supply_chain_v100_2_4
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share github_compliance.benchmark.cis_supply_chain_v100_2_4
- 2.4.2 Ensure all external dependencies used in the build process are locked
- 2.4.6 Ensure pipeline steps sign the SBOM produced