CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI) to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors (MCAs).

Recognizing the various types of security threats that could affect CI/CD operations and taking steps to defend against each one is critical in securing a CI/CD environment. Organizations will find in this guide a list of common risks found in CI/CD pipelines and attack surfaces that could be exploited and threaten network security.

CISA and NSA encourage all organizations to review this CSI and apply the recommended actions.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

Please share your thoughts

Progress Software Releases Security Bulletin for MOVEit Transfer

CISA Releases Seven Industrial Control Systems Advisories

CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

Please share your thoughts

Related Advisories

Progress Software Releases Security Bulletin for MOVEit Transfer

CISA Releases Seven Industrial Control Systems Advisories

CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects

CISA Adds Three Known Exploited Vulnerabilities to Catalog