Securing a deployment pipeline

Len Bass, Ralph Holz, Paul Rimba, An Binh Tran, Liming Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

31 Citations (Scopus)
169 Downloads (Pure)


At the RELENG 2014 Q&A, the question was asked, “What is your greatest concern?” and the response was “someone subverting our deployment pipeline”. That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted. Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.
Original languageEnglish
Title of host publication2015 IEEE/ACM 3rd International Workshop on Release Engineering
Place of PublicationPiscataway, NJ
Number of pages5
ISBN (Electronic)978-1-4673-7070-7
Publication statusPublished - 2015
Externally publishedYes
Event2015 IEEE/ACM 3rd International Workshop on Release Engineering - Florence, Italy
Duration: 30 Jul 201530 Jul 2015
Conference number: 3


Workshop2015 IEEE/ACM 3rd International Workshop on Release Engineering


  • Supply chain
  • Continuous deployment
  • DevOps


Dive into the research topics of 'Securing a deployment pipeline'. Together they form a unique fingerprint.

Cite this