Profile Applicability:
Level 1
Description:
Build worker environments (base images, toolchains, dependencies) and the commands the workers execute should be defined explicitly in the version-controlled pipeline configuration and passed to the workers by the build system, rather than having the workers fetch configuration, scripts or images from external sources at build time (for example, downloading and executing an installer script, or pulling an image by a mutable tag). Keeping everything a worker runs in the pipeline definition prevents unreviewed or unintended configurations and commands from entering the build.
Rationale:
When a worker pulls its instructions or environment at build time, anyone who can modify the source it pulls from (a script host, a mutable image tag, an unpinned repository branch) can change what the build does without touching the pipeline definition, and the change need not appear in code review or build logs. Passing environments and commands from the pipeline definition keeps every instruction under version control and review, so the build is auditable and repeatable and a compromised or tampered external source cannot silently alter it.
Impact:
Pros:
Enhances control over build environment consistency.
Reduces risk of unauthorized or malicious configurations.
Supports auditability and traceability of build commands.
Facilitates compliance with security policies.
Cons:
May require additional infrastructure or tooling for push delivery.
Could increase operational complexity in deployment management.
Default value:
Not enforced by default in most build systems: a worker executes whatever the pipeline step instructs, including fetching scripts, configuration or images from external sources at build time, unless the pipeline is written and reviewed to avoid this.
Audit:
For each build pipeline, review the pipeline definition and the worker logs and confirm that: every command a worker runs is defined in the version-controlled pipeline configuration or in the repository being built rather than downloaded at build time (no fetch-and-execute steps such as piping curl or wget output into a shell, or evaluating downloaded text); every external action, script or container image is referenced by an immutable identifier (commit SHA or image digest) rather than a branch name or mutable tag; and worker logs show no retrieval of scripts or configuration from sources that do not appear in the pipeline definition.
Remediation:
Move every command that workers run into the version-controlled pipeline definition or the repository being built, and pass it to the worker through the build system rather than having the worker download it. Pin external actions, scripts and base images to immutable references (commit SHA, image digest) so that what the worker receives is exactly what was reviewed. Where a pull from an external source cannot be avoided, restrict it to an allowlisted, internally controlled source and verify the artifact's integrity (checksum or signature) before it is executed. Train teams on secure build environment management and add the checks above to pipeline review.
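The following script is an added example, not part of the CIS guide or of any build system's own tooling. It implements the audit above as a static check over pipeline steps: it flags fetch-and-execute idioms in run commands, external actions not pinned to a commit SHA, and container images not pinned by digest. The step structure (dicts with name, run, uses and image keys) and the sample pipeline are constructed for illustration, loosely modelled on GitHub Actions workflow steps; the shell patterns are assumptions about common idioms, not an exhaustive list. A real audit would load the steps from the pipeline YAML first.

```python
"""Static audit for 'pull' patterns in CI pipeline steps (added example)."""
import re

# Fetch-and-execute idioms (assumed common patterns, not exhaustive).
PULL_EXEC_PATTERNS = [
    (re.compile(r'\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b'),
     "pipes a downloaded script into a shell"),
    (re.compile(r'(?<!\S)(bash|sh|zsh|source|\.)\s+<\(\s*(curl|wget)\b'),
     "executes a downloaded script via process substitution"),
    (re.compile(r'\beval\b[^\n]*\$\((curl|wget)\b'),
     "evals text fetched over the network"),
]

# Immutable references: a 40-hex git commit SHA, or an image digest.
COMMIT_SHA = re.compile(r'^[0-9a-f]{40}$')
IMAGE_DIGEST = re.compile(r'@sha256:[0-9a-f]{64}$')


def audit_step(step):
    """Return a list of (step name, reason) findings for one step."""
    findings = []
    name = step.get("name", "<unnamed>")

    # 1. Commands: every run line is checked against the pull patterns.
    for line_no, line in enumerate(step.get("run", "").splitlines(), 1):
        for pattern, reason in PULL_EXEC_PATTERNS:
            if pattern.search(line):
                findings.append((name, f"run line {line_no}: {reason}"))
                break

    # 2. External actions must be pinned to a commit SHA; local actions
    #    (./path) live in the repository and are already under review.
    uses = step.get("uses")
    if uses and not uses.startswith("./"):
        ref = uses.rsplit("@", 1)[1] if "@" in uses else ""
        if not COMMIT_SHA.match(ref):
            findings.append((name, f"uses '{uses}' is not pinned to a commit SHA"))

    # 3. Environment: container images must be pinned by digest, not tag.
    image = step.get("image")
    if image and not IMAGE_DIGEST.search(image):
        findings.append((name, f"image '{image}' is not pinned by digest"))

    return findings


def audit_pipeline(steps):
    """Audit every step; an empty result means the pipeline passes."""
    findings = []
    for step in steps:
        findings.extend(audit_step(step))
    return findings


# Constructed sample pipeline (hypothetical org, hosts and SHA values).
PINNED_SHA = "0123456789abcdef0123456789abcdef01234567"
PINNED_DIGEST = "@sha256:" + "0" * 64
SAMPLE_STEPS = [
    {"name": "checkout", "uses": "example-org/checkout@v4"},             # mutable tag
    {"name": "setup", "uses": "example-org/setup-tool@" + PINNED_SHA},   # pinned: OK
    {"name": "install deps (pull)",
     "run": "curl -sSL https://get.example.test/install.sh | bash\nnpm ci"},
    {"name": "build", "run": "npm run build", "image": "node:20"},       # mutable tag
    {"name": "test", "run": "npm test", "image": "node" + PINNED_DIGEST},  # OK
    {"name": "release tooling",
     "run": "bash <(curl -s https://tools.example.test/release.sh)"},
    {"name": "vendored script", "run": "./scripts/release.sh"},          # in repo: OK
]

if __name__ == "__main__":
    for step_name, reason in audit_pipeline(SAMPLE_STEPS):
        print(f"{step_name}: {reason}")
```

Run against the constructed pipeline, the script reports four findings (the unpinned checkout action, the piped installer, the node:20 image and the process-substitution release step) and accepts the pinned action, the digest-pinned image and the script that is vendored in the repository. Downloading an artifact with curl and verifying it in a separate step is deliberately not flagged; the check targets executing what was fetched, which is the point the recommendation makes.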
References:
OWASP DevSecOps Guidelines: https://owasp.org/www-project-devsecops-guideline/
CIS Controls v8, Control 4 - Secure Configuration of Enterprise Assets and Software: https://www.cisecurity.org/controls/secure-configuration-of-enterprise-assets-and-software/
NIST SP 800-53 AC-17 - Remote Access: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final