GitOps uses Git repositories as the source of truth for both application code and infrastructure configuration — meaning Git access controls directly determine who can modify production infrastructure. Security testing covers: Git repository access controls (who can push to production branches?), branch protection rules, secret management (are credentials in Git history?), GitOps controller security (ArgoCD, Flux), webhook security for Git-to-deployment triggers, and the blast radius of a compromised Git account.
GitOps Security: Securing Git-Driven Infrastructure and Application Delivery for Vietnamese Enterprises
GitOps uses Git as the source of truth for infrastructure. This page covers the security implications of putting everything in version control, with guidance for the Vietnamese market.