Frequently Asked Questions

First, you’ll be added to our Magenta Cloud Slack workspace, an easy and efficient way to interact with all community members. We’ll also invite you to our GitLab workspace, where the actual solutions are discussed and developed. You will have access to DTAG’s YAM page, where we share our progress internally with our DTAG colleagues, and at the same time we have our public page link to share our work with the broader community. Welcome to the Magenta Cloud CI/CD stream!
First, please visit our Introduction page for an overview of the initiative itself. Once you’re familiar with the topics, please visit the How to Contribute page. You can contribute by implementing a solution following the General Flow, by adding a new topic, or by reviewing code. As an observer, feel free to comment on user stories, give feedback on solutions and discuss the issues. At any time, don’t hesitate to Slack us in our Magenta Cloud workspace and we’ll be happy to help you around!
The complete list of current CI/CD Stream stakeholders and members can be viewed here. We hold a regular one-hour weekly Community call, every Friday at 9:00. On top of that, we hold ad-hoc technical sessions where we discuss current work, proposals and solutions at a high expert level.

CI/CD is a set of methods that enables application developers to deliver code changes to customers more frequently through the use of automation. You can learn more here.
You should ensure that your builds are clean and secure before they are deployed. You can accomplish this by implementing security scanning across your CI/CD pipeline! Use existing messaging channels for alerts on build security quality issues. Provide meaningful information to the developer through preferred channels, not just, “Hey, your build failed because ‘Computer says no…’” The more detailed the information, the faster the developer can likely diagnose the problem and get the build back on track.
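
A small security gate illustrating the alerting advice above, as an added example rather than code from the Magenta Cloud CI/CD stream: it decides whether scanner findings block a build and builds a message naming the rule, file, line and fix. The finding fields, severity labels and the `{"text": ...}` payload shape are assumptions made for this example.

```python
import json

# Constructed sample findings; the field names are assumptions for this
# example, not the output format of any particular scanner.
SAMPLE_FINDINGS = json.loads("""[
  {"rule": "hardcoded-credential", "severity": "high", "file": "deploy/settings.py",
   "line": 12, "fix": "Load the secret from the CI secret store instead of source."},
  {"rule": "outdated-dependency", "severity": "medium", "file": "requirements.txt",
   "line": 4, "fix": "Upgrade to a release without the known advisory."},
  {"rule": "debug-logging", "severity": "low", "file": "app/main.py",
   "line": 88, "fix": "Lower the log level for production builds."}
]""")

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def blocking_findings(findings, fail_at="high"):
    """Return findings at or above the gate threshold, worst first.

    An unknown or missing severity is treated as blocking (fail closed) so a
    scanner format change cannot silently let a build through.
    """
    threshold = SEVERITY_RANK[fail_at]
    top = max(SEVERITY_RANK.values())
    rank = lambda f: SEVERITY_RANK.get(str(f.get("severity", "")).lower(), top)
    return sorted((f for f in findings if rank(f) >= threshold), key=rank, reverse=True)


def build_alert(build_id, findings, fail_at="high"):
    """Build a chat-webhook style payload ({"text": ...}) explaining the result."""
    blocking = blocking_findings(findings, fail_at)
    if not blocking:
        return {"passed": True, "text": f"Build {build_id}: security scan passed "
                f"({len(findings)} finding(s) below '{fail_at}')."}
    lines = [f"Build {build_id} blocked: {len(blocking)} finding(s) at or above '{fail_at}'."]
    for f in blocking:
        lines.append(f"- [{f.get('severity', 'unknown')}] {f.get('rule', 'unknown rule')} "
                     f"at {f.get('file', '?')}:{f.get('line', '?')}. "
                     f"Fix: {f.get('fix', 'see scanner report')}")
    return {"passed": False, "text": "\n".join(lines)}


if __name__ == "__main__":
    alert = build_alert("1234", SAMPLE_FINDINGS)
    print(alert["text"])
    raise SystemExit(0 if alert["passed"] else 1)
```
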
Bear in mind the security triad: Confidentiality, Integrity, and Availability.
Gather as much information as possible about:
- consumed/produced data
- the regulatory requirements
- locations that data will traverse
Make sure you do the cyberthreat modeling. More..

Per CodeDx, organizations can ensure the security of their CI/CD pipeline with relative ease so long as they’ve followed the best practices for DevSecOps. They should specifically require authentication for anyone to push changes to the CI/CD pipeline, implement login tracking and confirm that builds reside on secure servers only.

In contrast to security of the pipeline, security in the pipeline is a bit more involved. Organizations should focus on several best practices such as SAST, peer code reviews, unit testing, functional security testing, and security automation.

It is fundamental for a product to have its security-relevant data recorded somewhere, so that the team is ready to react swiftly and efficiently if something goes wrong (e.g. during a system failure or a security breach). Security-relevant data shall be precise, relevant and up to date, and it should come directly from the product’s resources (such as source code, configuration files, etc.). More..