Summary

  • This article serves as a comprehensive guide to the third phase of DevSecOps, which covers the Build Stage of CI/CD pipelines, with a focus on security
  • The build phase is critical in DevSecOps as it represents the last controllable chokepoint in the development lifecycle where vulnerabilities can be detected before they are baked into the software and inherited by downstream environments
  • Static Application Security Testing (SAST) and Software Composition Analysis (SCA) serve as the cornerstone of security controls for the build phase, enabling the detection of vulnerabilities in source code and dependent libraries respectively
  • The article also highlights the importance of generating a Software Bill of Materials (SBOM) to gain visibility into the software supply chain and setting up secure artifact handling to ensure the integrity of the built artifacts
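As an added example (not code from the article), here is a minimal Python build-stage gate that ties the three controls together: it emits a CycloneDX-shaped SBOM for a resolved dependency list, runs an SCA check against an advisory feed, and pins the artifact's SHA-256 so that a modified artifact fails verification before promotion. The dependency names, versions, advisory id and artifact bytes are all constructed placeholders.

```python
"""Minimal build-stage gate: SCA check over an SBOM, then artifact digest pinning."""
import hashlib
import json

# Constructed sample of what a build resolves from its lockfile (not a real project's data).
RESOLVED_DEPENDENCIES = [
    {"name": "example-http-lib", "version": "1.2.0"},
    {"name": "example-yaml-parser", "version": "5.3.1"},
]

# Constructed advisory feed: package name -> affected versions and a placeholder advisory id.
ADVISORIES = {
    "example-yaml-parser": {"affected": {"5.3.0", "5.3.1"}, "id": "ADV-PLACEHOLDER-001"},
}

# Constructed bytes standing in for the built binary or container layer.
ARTIFACT_BYTES = b"\x7fELF placeholder build output"


def build_sbom(dependencies, artifact_name, artifact_bytes):
    """Return a CycloneDX-shaped SBOM dict listing each dependency and the artifact's SHA-256."""
    digest = hashlib.sha256(artifact_bytes).hexdigest()
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "metadata": {"component": {"name": artifact_name,
                                   "hashes": [{"alg": "SHA-256", "content": digest}]}},
        "components": [{"type": "library", "name": d["name"], "version": d["version"]}
                       for d in dependencies],
    }


def sca_findings(sbom, advisories):
    """SCA gate: return (name, version, advisory id) for every component on an affected version."""
    findings = []
    for c in sbom["components"]:
        adv = advisories.get(c["name"])
        if adv and c["version"] in adv["affected"]:
            findings.append((c["name"], c["version"], adv["id"]))
    return findings


def verify_artifact(sbom, artifact_bytes):
    """Secure artifact handling: the digest recorded at build time must match what is promoted."""
    recorded = sbom["metadata"]["component"]["hashes"][0]["content"]
    return hashlib.sha256(artifact_bytes).hexdigest() == recorded


if __name__ == "__main__":
    sbom = build_sbom(RESOLVED_DEPENDENCIES, "app-build", ARTIFACT_BYTES)
    print(json.dumps(sbom, indent=2))
    print("SCA findings (non-empty means fail the build):", sca_findings(sbom, ADVISORIES))
    print("artifact intact:", verify_artifact(sbom, ARTIFACT_BYTES))
    print("tampered artifact intact:", verify_artifact(sbom, ARTIFACT_BYTES + b"x"))
```

In a real pipeline the SBOM and digest would be produced by the build job and consumed by the deploy job, so the check runs across the trust boundary rather than inside one process.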

By Dinidhu Jayasinghe

Original Article