CI/CD pipelines produce build artifacts, such as container images, packages and binaries, that deploy directly to production. If an artifact is tampered with or carries a known vulnerability, the pipeline carries that compromise into production without any further human review. Testing covers five questions: Are container images scanned for known vulnerabilities? Are artifacts signed, and are the signatures verified at deployment time rather than only at build time? Can an unauthorized artifact be injected into the pipeline or substituted in the registry? Are base images pulled from trusted sources and pinned by digest? And does the artifact registry enforce access controls on who may push and pull?
Technical
Security Testing for CI/CD Build Artifacts: Container Images, Packages, and Binaries for Vietnamese Enterprises
Build artifacts ship to production. Testing whether artifacts are scanned, signed, and verified before deployment. Guidance for the Vietnamese market.
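The checks listed above (digest pinning, trusted registry, signature verification at deploy time, and a clean scan for the exact digest being deployed) can be turned into a single deployment gate. The following is an added example written for this page; it is not code from the original article or from any particular CI/CD product. It assumes a simplified signing scheme (HMAC-SHA256 over the image digest with a key held by the build system, standing in for a real detached signature such as one produced by cosign), a constructed scan report keyed by digest, and hypothetical registry names under `example.internal` and `example.com`.

```python
"""Deployment-time artifact gate (added example, not the page's own tooling).

Rejects an image reference unless all of the following hold:
  1. it is pinned by digest rather than a mutable tag;
  2. its registry is on the trusted allowlist;
  3. the digest carries a valid signature from the build system;
  4. the vulnerability scan for that exact digest has no finding above the threshold.

Assumptions (not from the page): signatures are HMAC-SHA256 over the digest
with a key held by the build system, a stand-in for a real signing scheme such
as cosign; scan results are a constructed dict keyed by digest.
"""
import hashlib
import hmac
import re

# registry/repo[:tag][@sha256:<64 hex>] -- repo may contain slashes.
IMAGE_RE = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[^@:]+)"
    r"(?::(?P<tag>[\w][\w.-]*))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def parse_image_ref(ref):
    m = IMAGE_RE.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref}")
    return m.groupdict()


def sign_digest(key, digest):
    """Build side: MAC the digest. Stand-in for a detached signature (assumption)."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def verify_signature(key, digest, signature):
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    return hmac.compare_digest(sign_digest(key, digest), signature)


def max_severity(findings):
    return max((SEVERITY_RANK[f["severity"]] for f in findings), default=0)


def check_deployment(ref, trusted_registries, signatures, scans, key, max_allowed="MEDIUM"):
    """Return (allowed, reason). Every deny names the first failed check."""
    parts = parse_image_ref(ref)
    if not parts["digest"]:
        return False, "image not pinned by digest (mutable tag)"
    if parts["registry"] not in trusted_registries:
        return False, f"untrusted registry {parts['registry']}"
    sig = signatures.get(parts["digest"])
    if sig is None or not verify_signature(key, parts["digest"], sig):
        return False, "missing or invalid artifact signature"
    report = scans.get(parts["digest"])
    if report is None:
        return False, "no vulnerability scan for this digest"
    if max_severity(report) > SEVERITY_RANK[max_allowed]:
        return False, "scan has findings above allowed severity"
    return True, "ok"


# --- constructed sample data -------------------------------------------------
BUILD_KEY = b"constructed-build-signing-key"          # hypothetical CI-held key
TRUSTED = {"registry.example.internal"}               # hypothetical registry

# Digests of constructed bytes stand in for real image manifest digests.
GOOD_DIGEST = "sha256:" + hashlib.sha256(b"constructed manifest, clean build").hexdigest()
VULN_DIGEST = "sha256:" + hashlib.sha256(b"constructed manifest, vulnerable base").hexdigest()
TAMPERED_DIGEST = "sha256:" + hashlib.sha256(b"constructed manifest, tampered").hexdigest()

# The build system signed only the artifacts it actually produced.
SIGNATURES = {d: sign_digest(BUILD_KEY, d) for d in (GOOD_DIGEST, VULN_DIGEST)}
# Constructed scan reports; the tampered digest was never scanned or signed.
SCANS = {
    GOOD_DIGEST: [{"id": "constructed-finding-1", "severity": "LOW"}],
    VULN_DIGEST: [{"id": "constructed-finding-2", "severity": "CRITICAL"}],
}


def run_checks():
    cases = {
        "pinned, signed, scanned": f"registry.example.internal/app/web@{GOOD_DIGEST}",
        "mutable tag": "registry.example.internal/app/web:latest",
        "untrusted registry": f"mirror.example.com/app/web@{GOOD_DIGEST}",
        "unsigned (tampered)": f"registry.example.internal/app/web@{TAMPERED_DIGEST}",
        "critical finding": f"registry.example.internal/app/web@{VULN_DIGEST}",
    }
    return {name: check_deployment(ref, TRUSTED, SIGNATURES, SCANS, BUILD_KEY)
            for name, ref in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in run_checks().items():
        print(f"{'ALLOW' if ok else 'DENY '} {name}: {why}")
```

The order of checks matters: digest pinning comes first because every later check keys on the digest, so a mutable tag can never be signed or scanned "by proxy". Note also that the scan is looked up by the deployed digest, not by tag or repository name; a clean scan of an earlier build says nothing about the bytes actually being deployed.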