Continuous Assurance: Continuous Integration meets Containers Security

Jordan Caraballo-Vega

Abstract

Continuous Integration (CI) is a software development technique in which developers frequently integrate code into one or more shared repositories. The key principles of CI are revision control, build automation, and automated testing. CI can decrease debugging time while increasing development productivity.

Motivated by security concerns, the NCCS has refined the idea of enhancing CI with Continuous Assurance (CA) techniques. The aim of this project is to research and build a reinforced CI/CA infrastructure that can significantly reduce security risks and monitor the build processes. Added features will include voting to approve or disapprove the associated workflows and any changes.