TryHackMe – Intro to Pipeline Automation Q&A

An easy introduction to DevOps pipeline automation and its potential security concerns, including all questions and answers from the Intro to Pipeline Automation room.

DevOps Pipelines Explained

Q: Where in the pipeline is our end product deployed?
A: Environments

Source Code and Version Control

Q: Who is the largest online provider of Git?
A: GitHub

Q: What popular Git product is used to host your own Git server?
A: GitLab

Q: What tool can be used to scan the commits of a repo for sensitive information?
A: GittyLeaks

Dependency Management

Q: What do we call the type of dependency that was created by our organization? (Internal/External)
A: Internal

Q: What type of dependency is JQuery? (Internal/External)
A: External

Q: What is the name of Python’s public dependency repo?
A: PyPi

Q: What dependency 0day vulnerability set the world ablaze in 2021?
A: Log4j

Automated Testing

Q: What type of tool scans code to look for potential vulnerabilities?
A: SAST

Q: What type of tool runs code and injects test cases to look for potential vulnerabilities?
A: DAST

Q: Can SAST and DAST be used as a replacement for penetration tests? (Yea,Nay)
A: Nay

Continuous Integration and Delivery

Q: What does CI in CI/CD stand for?
A: Continuous Integration

Q: What does CD in CI/CD stand for?
A: Continuous Delivery

Q: What do we call the build infrastructure element that controls all builds?
A: Build orchestrators

Q: What do we call the build infrastructure element that performs the build?
A: Build agents

Environments

Q: Which environment usually has the weakest security configuration?
A: DEV

Q: Which environment is used to test the application?
A: UAT

Q: Which environment is similar to PROD but is used to verify that everything is working before it is pushed to PROD?
A: PrePROD

Q: What is a common class of vulnerabilities that is discovered in PROD due to insecure code creeping in from DEV?
A: Developer Bypasses

Challenge

The last step of this room is to complete the diagram of the pipeline and answer the questions.

Q: What is the flag received after successfully building your pipeline?
A: See the screenshot below.
