copyright | lastupdated | keywords | subcollection | ||
---|---|---|---|---|---|
|
2024-02-22 |
DevSecOps, ibm cloud, best practices, secure application, continuous integration, |
devsecops |
{{site.data.keyword.attribute-definition-list}}
{: #practices-ci-toolchain-iac}
The implementation of continuous integration (CI) toolchain for Infrastructure as Code (IaC) DevSecOps follows these practices. {: shortdesc}
- Runs a static code scanner on the infrastructure code repositories and performs Terraform linting checks on the infrastructure code.
- Runs compliance checks on the infrastructure code to detect secrets and security vulnerabilities.
- Builds artifacts on every Git commit.
- Stores the built artifacts metadata in the inventory repository.
- Automatically builds and validates any code that is merged into the target Git repository branch.