CI/CD Hardening

A crucial part of your software development process is your CI/CD process and pipeline. A hardening process helps to ensure that your pipeline is secure, reliable, and efficient. This is especially important when dealing with sensitive or proprietary information, as a breach in your pipeline could potentially compromise your data and source code.

A robust CI/CD pipeline helps to ensure that your software is delivered to your users in a timely and consistent manner and that your developers get immediate feedback, which is why scanning speed matters. By taking steps to harden your CI/CD pipeline with Spectral, you can reduce the risk of security breaches and improve the overall quality of your software while keeping scans fast and efficient.

With Spectral, you get the following benefits:

  • Fast scans (keeping your pipeline fast)
  • Full coverage of CI/CD steps, and security rules and guidelines such as locking an Action to a specific version in GitHub Actions, as well as other SLSA-based practices.
  • Zero trust / fully air-gapped scan: no additional permissions are requested and no data is sent out of your CI/CD pipeline
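As an added illustration of the version-locking rule mentioned above (example code, not Spectral's own scanner or rule set), the check below flags uses: references in a GitHub Actions workflow that are not pinned to a full 40-character commit SHA. The workflow text is constructed for this example; local actions (./path) and docker:// images are treated as out of scope for the pinning rule.

```python
import re

# Constructed sample workflow for the example (not taken from any real project).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
      - uses: some-org/some-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: npm test
"""

# Matches a step's "uses:" key and captures the reference up to whitespace, quote or comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# A full Git commit SHA: exactly 40 lowercase hex characters.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(ref: str) -> str:
    """Classify one uses: reference as local, docker, pinned or unpinned.

    Only references of the form owner/repo[/path]@<40-hex-sha> count as pinned;
    tags (@v4) and branches (@main) are mutable and therefore unpinned.
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    _, sep, version = ref.rpartition("@")
    if sep and FULL_SHA_RE.match(version):
        return "pinned"
    return "unpinned"


def find_unpinned_actions(workflow_text: str) -> list:
    """Return (line_number, reference) for every uses: not pinned to a commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify_uses(m.group(1)) == "unpinned":
            findings.append((lineno, m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: '{ref}' is not pinned to a full commit SHA")
```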

Running Spectral in CI/CD Hardening Mode

You can run any of the commands below against a remote user, repository or organization:

$HOME/.spectral/spectral discover github -k repo [YOUR_REPO]
$HOME/.spectral/spectral discover github -k user [YOUR_USER]
$HOME/.spectral/spectral discover github -k org [YOUR_ORGANIZATION]

In your CI, or local machine, you can scan the current project:

$HOME/.spectral/spectral discover github --kind repo .

discover means Spectral securely fetches the target's GitHub pipeline settings and security posture to your local workstation, reads the local GitHub pipeline settings, merges the two data sets and scans the result for issues. Again, everything happens on your machine; no traffic goes from your machine to any of Spectral's assets.

Learn more

For questions and help, feel free to directly contact support