GitOps uses Git repositories as the source of truth for both application code and infrastructure configuration — meaning Git access controls directly determine who can modify production infrastructure. Security testing covers: Git repository access controls (who can push to production branches?), branch protection rules, secret management (are credentials in Git history?), GitOps controller security (ArgoCD, Flux), webhook security for Git-to-deployment triggers, and the blast radius of a compromised Git account.
GitOps Security: Securing Git-Driven Infrastructure and Application Delivery for Malaysian Enterprises
GitOps uses Git as the source of truth for infrastructure. Covers the security implications of putting everything in version control, with guidance for the Malaysian market.