Profile Applicability:
Level 1
Description:
Each step in the build process must have clearly defined and documented inputs and outputs. This clarity ensures that build stages are modular, traceable, and auditable, enabling easier debugging, maintenance, and validation of the build pipeline.
Rationale:
Defining inputs and outputs for build stages reduces ambiguity, facilitates troubleshooting, and improves the reliability of the build process. It supports better process control and enables automated verification of build correctness and completeness.
Impact:
Pros:
Enhances pipeline clarity and modularity.
Simplifies debugging and maintenance.
Improves auditability and traceability.
Supports automation and process validation.
Cons:
Requires disciplined documentation and process control.
May add overhead during build pipeline design and updates.
Default value:
Build steps may lack explicit input/output definitions, causing complexity and potential errors.
Audit:
Review build documentation and pipeline configurations to verify explicit definitions of inputs and outputs for each stage. Inspect build logs and artifacts for consistency.
Remediation:
Implement standards and templates for documenting build stage inputs and outputs. Train teams on best practices. Enforce documentation as part of pipeline development and change management.
References:
Continuous Integration Best Practices: https://martinfowler.com/articles/continuousIntegration.html
DevOps Pipeline Design: https://azure.microsoft.com/en-us/resources/devops-pipeline/
CIS Controls v8, Control 6 - Maintenance, Monitoring, and Analysis of Audit Logs: https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/