
Workflows

To ensure a secure development process within our work structure, we outline below the stages to be implemented. These stages must be adjusted to the particularities of each project; not all of them need to be incorporated in every case. This gives us a flexible, customizable approach that achieves an optimal level of security for each individual project.

Secret Detection

In this phase, we use a specialized tool to detect any leakage of sensitive information, such as passwords, into our code repository. This measure is crucial to avoid inadvertent exposure of confidential data, which could result in vulnerabilities or unauthorized disclosure of information.

Dependency Analysis (SBOM - Software Bill of Materials)

We carry out a complete dependency analysis of our project using a specialized tool. This analysis gives us a clear view of the libraries and components we rely on and helps us identify known vulnerabilities in those dependencies. This stage is essential to keep our application secure and stable as it evolves through its life cycle.

Unit Testing and Integration

We perform unit tests to confirm that the individual units of our code behave correctly. This is essential for identifying and fixing problems or errors at an early stage, which builds the robustness of our application. In addition, we conduct integration tests to ensure that the various modules and components interact consistently and efficiently as a whole, guaranteeing comprehensive and reliable system behaviour.

Static Application Security Testing (SAST)

We apply static security analysis to the code using a specialized tool that looks for known vulnerability patterns and quality issues. Detecting vulnerabilities early in the development process plays a key role in preventing security breaches later. This evaluation helps ensure the integrity and robustness of the code as it is written and prevents undetected problems from propagating to later stages of the process.

Dockerfile Analysis

At this stage, we move on to building container images with a focus on security and adherence to best practices. To achieve this, we incorporate a rigorous analysis of Dockerfiles, evaluating their structure and content for issues or configurations that could compromise security. This assessment ensures that our container images follow recommended guidelines, minimizing exposure to vulnerabilities and risks from the earliest stages of the build process.
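As an added illustration of the kind of check this stage performs (example code written for this page, not a tool the workflow mandates), the following Python script flags four common Dockerfile weaknesses: a floating base-image tag, credential-like names in ENV/ARG, ADD from a remote URL, and a missing non-root USER. Both sample Dockerfiles are constructed; the rule names and messages are this example's own.

```python
import re
# Constructed sample Dockerfiles (not from the page): weak settings first, hardened second.
WEAK_DOCKERFILE = """\
FROM python:latest
ENV API_TOKEN=constructed-sample-value
ADD https://example.invalid/app.tar.gz /opt/
RUN pip install \\
    -r requirements.txt
CMD ["python", "app.py"]
"""
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
USER 10001
CMD ["python", "/app/app.py"]
"""
SECRET_NAME_RE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|ACCESS_KEY", re.I)

def _instructions(text):
    """Yield (line_no, instruction) pairs, skipping comments and joining backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None

def analyze_dockerfile(text):
    """Return (line_no, rule, message) findings; an empty list means every check passed."""
    findings, last_user = [], None
    for no, inst in _instructions(text):
        keyword, _, args = inst.partition(" ")
        keyword, first = keyword.upper(), (args.split() or [""])[0]
        if keyword == "FROM" and first != "scratch":
            if "@sha256:" not in first and (":" not in first or first.endswith(":latest")):
                findings.append((no, "unpinned-base-image", f"{first} is not pinned to a tag or digest"))
        elif keyword in ("ENV", "ARG") and SECRET_NAME_RE.search(first.split("=")[0]):
            # ENV/ARG values persist in layers and image history; pass credentials as build secrets.
            findings.append((no, "secret-in-build-args", f"{keyword} {first.split('=')[0]} looks like a credential"))
        elif keyword == "ADD" and re.match(r"https?://", first):
            findings.append((no, "remote-add", f"ADD fetches {first} without integrity verification"))
        elif keyword == "USER":
            last_user = first  # the last USER instruction decides the runtime user
    if last_user in (None, "root", "0"):
        findings.append((0, "runs-as-root", "no non-root USER instruction; container runs as root"))
    return findings
```

Running `analyze_dockerfile(WEAK_DOCKERFILE)` reports all four rules with their line numbers (line 0 marks a file-level finding), while the hardened file returns no findings; in a pipeline, a non-empty result is the signal to fail the build.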

Container Construction

Container construction is the creation of isolated images that package applications together with their dependencies in portable environments. Through Dockerfiles and best practices, secure and efficient execution environments are configured. During this process, the build is automated, component integrity is verified, and digital signatures can be applied to ensure authenticity. This phase lays the foundation for consistent and reliable deployments in a production environment.

Container Analysis

Once the container image has been built, we analyze it to assess its security. The components inside the image are examined for known vulnerabilities and risks. The results give a detailed view of the integrity and security of the container and allow us to address any weak points before deploying it to the production environment.

Container Signing

To further increase security, we digitally sign our container images using Cosign. Digital signatures provide authenticity and integrity verification for containers: a verifier can confirm that an image has not been modified since it was signed and that it comes from a trusted source.

Dynamic Analysis (DAST - Dynamic Application Security Testing)

At this stage, we perform dynamic security analysis using tests that simulate attacks against the deployed, running application. This process identifies vulnerabilities and risks that real threats could exploit. By actively probing the application's weaknesses while it operates, this phase allows us to take preventive measures that further strengthen the resilience and security of our application in a live production environment.

Rigorous implementation of these phases allows us to build more secure and reliable applications while reducing the risks associated with vulnerabilities and security breaches. Each step contributes significantly to a more robust, security-oriented development process for our systems and data.