Dev Ops

Dev Ops is the union of people, process, and products to enable the continuous delivery of value to our end users.

Dev Ops Security

Checklist for Dev Ops security.

Remember that no security solution is completely foolproof, and maintaining vigilance while working with unknown code remains essential.

Key Security Risks

Common Attack Vectors

Private key leaks remain a significant threat, with several sophisticated attack methods targeting developers:

  • LinkedIn interview scams targeting new developers with malicious code repositories
  • Supply chain attacks through compromised development packages
  • Smart contract audit traps using unfamiliar framework features

Primary Vulnerability

The fundamental security risk stems from running unvetted code on host machines where sensitive information such as private keys, GitHub credentials, and personal files is stored.

Security Best Practices

Isolated Development Environments

  • Use Docker containers or Online Dev Environments to create isolated development environments
  • Run unfamiliar code in Docker containers with no host volume mounts, so it cannot reach the host file system
  • Implement separate environments for testing unknown code

Docker Container Security

  • Start with blank Linux instances and explicitly define required libraries
  • Carefully control container permissions and access to network/files
  • Use containers without host mounts when testing suspicious code
  • Be specific about which resources containers can access

Emergency Response

If suspicious activity is detected:

  1. Immediately terminate the affected container using docker kill
  2. Close all associated development windows
  3. Remove the compromised container entirely

Additional Precautions

Development Environment Options

  • Use dedicated hardware for security research
  • Consider virtual machines as an alternative to containers
  • Implement dev containers built into VS Code for additional security

Network and File Access

  • Limit network access for containers running untrusted code
  • Be cautious with containers that mount host directories, since anything mounted is readable (and often writable) by the code inside
  • Carefully review any code requiring special permissions or framework features
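As an added example (my own, not from the original notes) that ties together the Docker Container Security, Emergency Response and Network and File Access points above, the POSIX shell wrapper below starts a throwaway container from a blank base image with no host mounts, no network, all capabilities dropped and resource limits, copies a checkout in, and provides the kill-and-remove steps. The base image, the limits and the DOCKER override used for dry runs are assumptions.

```shell
#!/bin/sh
# Hardened wrapper for trying out unfamiliar code in a throwaway Docker
# container. Added example: the flag set is an assumed baseline, not a
# configuration from the original notes. DOCKER is overridable so the
# composed commands can be inspected (DOCKER=echo) without a daemon.
DOCKER="${DOCKER:-docker}"
IMAGE="${IMAGE:-debian:bookworm-slim}"   # assumed blank base; add libraries explicitly

# Start an idle, isolated container. Source is copied in later with
# "docker cp" instead of a bind mount, so no -v / --mount ever exposes the
# host file system, and --network none stops the code from phoning home.
start_sandbox() {
    name="$1"
    "$DOCKER" run -d --name "$name" \
        --network none \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 256 --memory 1g --cpus 1 \
        --workdir /work \
        "$IMAGE" sleep infinity
}

# Copy a checkout into the container's own writable layer and run a
# command there. The container's root has every capability dropped, so
# even a hostile build script gets no privilege beyond its own sandbox.
run_in_sandbox() {
    name="$1"; src="$2"; shift 2
    "$DOCKER" cp "$src/." "$name:/work/"
    "$DOCKER" exec "$name" "$@"
}

# Emergency response from the notes: terminate immediately, then remove
# the container entirely so nothing of it lingers on the host.
destroy_sandbox() {
    name="$1"
    "$DOCKER" kill "$name"
    "$DOCKER" rm -f "$name"
}

# Usage (assumed paths):
#   . ./sandbox.sh
#   start_sandbox sbx
#   run_in_sandbox sbx ./untrusted-repo sh -c 'ls && cat package.json'
#   destroy_sandbox sbx
```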

Git

Feature Release Management

CI/CD

Continuous Integration/Continuous Delivery.

Continuous Integration

Continuous Integration (CI) is a development practice where developers integrate code into a shared repository frequently, preferably several times a day.

Each integration can then be verified by an automated build and automated tests. While automated testing is not strictly part of CI, it is typically implied.

Automation of build tools through GitHub Actions is a common practice.

Continuous Delivery

Creating a repeatable and reliable process for delivering software, so that value reaches our customers fast.

Implementing a Full CI/CD Pipeline

NX

Running NX affected commands in GitHub Actions

Name            Notes
Roadmap         #diagram #good
Cloud Guru      #cloud-computing
Nigel Poulton   #k8s
Jessica Deen    #azure #microservices #k8s
Mark Heath      #azure #microservices #k8s