AdvancedTechnical
5 min
Securing CI/CD Pipelines for Production
CI/CDSecurityDevOps
Advertisement
Interview Question
Explain how you would secure a CI/CD pipeline to protect against supply chain attacks and credential leaks.
Key Points to Cover
- Use isolated runners with minimal privileges
- Enable dependency scanning and signature verification
- Rotate and mask secrets using vaults or pipeline managers
- Audit pipeline artifacts and build provenance
- Apply RBAC for pipeline access and branch protections
Evaluation Rubric
Identifies potential pipeline security risks30% weight
Applies correct mitigation techniques30% weight
Automates scanning and alerts20% weight
Implements RBAC and change control20% weight
Hints
- 💡SBOMs, Sigstore, OIDC-based secret injection.
Potential Follow-up Questions
- ❓What tools would you use to detect compromised builds?
- ❓How do you secure artifacts long-term?
Advertisement