Everything you need to know

Secure CI/CD Pipelines
like a 10x Engineer

Secure CI/CD Pipelines
like a 10x Engineer

Secure CI/CD Pipelines like a 10x Engineer

Explore the main approaches to securing CI/CD pipelines, with a novel approach that is used by leading tech-forwards orgs to enhance developer velocity and improve cloud security.

No Public Endpoints | No Dangerous Permissions | Immediate Feedback

Explore the main approaches to securing CI/CD pipelines, with a novel approach that is used by leading tech-forwards orgs to enhance developer velocity and improve cloud security.

No Public Endpoints | No Dangerous Permissions | Immediate Feedback

Explore the main approaches to securing CI/CD pipelines, with a novel approach that is used by leading tech-forwards orgs to enhance developer velocity and improve cloud security.

No Public Endpoints | No Dangerous Permissions | Immediate Feedback

Beyond Security

Balancing Security and Scalability

Balancing Security and Scalability

Balancing Security and Scalability

CI/CD pipelines are essential for modern software development, enabling faster releases with less manual intervention. However, they can also introduce significant risks if not designed securely. This article focuses on securing access and network flows in CI/CD systems, with three core criteria for evaluation:


  1. Public Endpoints: Avoid publicly exposed systems vulnerable to attacks.

  2. Access Permissions: Minimize permissions granted to CI tools to prevent misuse.

  3. Deployment Feedback: Ensure immediate and visible deployment success/failure feedback.

According to Garner, more than 60% of organizations will embrace zero-trust principles as a starting place for security by 2025.

Three Main Approaches to Securing CI/CD Pipelines

Three Main Approaches to Securing CI/CD Pipelines

Three Main Approaches to Securing CI/CD Pipelines

Option 1: Secure Public Endpoints

This is the most common CI/CD setup today because it’s the easiest to implement. It allows teams to use SaaS CI/CD solutions like GitHub Actions, CircleCI, and TravisCI without maintaining in-house tools like GitLab or Jenkins. However, resources like Kubernetes clusters or VMs are publicly exposed so that CI/CD tools can deploy via push. This requires granting dangerous permissions to the CI/CD solution. Artifacts are often rebuilt at every stage, introducing inconsistencies between environments. While this approach is insecure, it does provide immediate deployment feedback since CI and CD run on the same platform.

Option 2: Split CI/CD with Artifact Repositories

In this approach, CI and CD are separated, with an artifact repository ensuring consistent artifacts across environments to avoid drift. CI tools no longer need deployment permissions, and deployment targets remain private by pulling artifacts instead of receiving pushes. However, SaaS-based CI tools may require exposing artifact registries publicly. A key drawback is the lack of immediate feedback—CI tools can’t confirm deployment success, and CD tools may introduce delays by periodically checking for artifacts. In larger setups, these delays can compound, creating bottlenecks and reducing the efficiency of scaling operations.

Option 3: Zero Trust Network Access with Headless Client

This approach leverages Zero Trust solutions like Twingate to remove public access to cloud resources, significantly improving security over Option 1. It retains immediate deployment feedback, as deployments are still push-based and reported back to CI. However, CI/CD tools still require dangerous permissions to deploy software. Additionally, artifacts are often rebuilt for each environment, increasing the risk of inconsistencies.

Option 1: Secure Public Endpoints

This is the most common CI/CD setup today because it’s the easiest to implement. It allows teams to use SaaS CI/CD solutions like GitHub Actions, CircleCI, and TravisCI without maintaining in-house tools like GitLab or Jenkins. However, resources like Kubernetes clusters or VMs are publicly exposed so that CI/CD tools can deploy via push. This requires granting dangerous permissions to the CI/CD solution. Artifacts are often rebuilt at every stage, introducing inconsistencies between environments. While this approach is insecure, it does provide immediate deployment feedback since CI and CD run on the same platform.

Option 2: Split CI/CD with Artifact Repositories

In this approach, CI and CD are separated, with an artifact repository ensuring consistent artifacts across environments to avoid drift. CI tools no longer need deployment permissions, and deployment targets remain private by pulling artifacts instead of receiving pushes. However, SaaS-based CI tools may require exposing artifact registries publicly. A key drawback is the lack of immediate feedback—CI tools can’t confirm deployment success, and CD tools may introduce delays by periodically checking for artifacts. In larger setups, these delays can compound, creating bottlenecks and reducing the efficiency of scaling operations.

Option 3: Zero Trust Network Access with Headless Client

This approach leverages Zero Trust solutions like Twingate to remove public access to cloud resources, significantly improving security over Option 1. It retains immediate deployment feedback, as deployments are still push-based and reported back to CI. However, CI/CD tools still require dangerous permissions to deploy software. Additionally, artifacts are often rebuilt for each environment, increasing the risk of inconsistencies.

Flexible access

This is the most common CI/CD setup today because it’s the easiest to implement. It allows teams to use SaaS CI/CD solutions like GitHub Actions, CircleCI, and TravisCI without maintaining in-house tools like GitLab or Jenkins. However, resources like Kubernetes clusters or VMs are publicly exposed so that CI/CD tools can deploy via push. This requires granting dangerous permissions to the CI/CD solution. Artifacts are often rebuilt at every stage, introducing inconsistencies between environments. While this approach is insecure, it does provide immediate deployment feedback since CI and CD run on the same platform.

Option 2: Split CI/CD with Artifact Repositories

In this approach, CI and CD are separated, with an artifact repository ensuring consistent artifacts across environments to avoid drift. CI tools no longer need deployment permissions, and deployment targets remain private by pulling artifacts instead of receiving pushes. However, SaaS-based CI tools may require exposing artifact registries publicly. A key drawback is the lack of immediate feedback—CI tools can’t confirm deployment success, and CD tools may introduce delays by periodically checking for artifacts. In larger setups, these delays can compound, creating bottlenecks and reducing the efficiency of scaling operations.

Option 3: Zero Trust Network Access with Headless Client

This approach leverages Zero Trust solutions like Twingate to remove public access to cloud resources, significantly improving security over Option 1. It retains immediate deployment feedback, as deployments are still push-based and reported back to CI. However, CI/CD tools still require dangerous permissions to deploy software. Additionally, artifacts are often rebuilt for each environment, increasing the risk of inconsistencies.

Main approaches address some concerns but leave gaps

Main approaches address some concerns but leave gaps

Option 4 is the ideal solution for balancing security and scalability, especially for globally distributed teams under pressure to ship faster:

  1. No Public Endpoints:
    Zero Trust principles ensure all resources remain private, significantly reducing the attack surface. Teams can scale securely without worrying about exposing artifact registries or deployment targets, even when adopting SaaS-based CI tools.

  2. No Dangerous Permissions:
    By decoupling CI and CD and shifting to pull-based deployments, CI tools are no longer a security risk. This enforces least privilege access and minimizes the blast radius if credentials are compromised.

  3. Immediate Feedback:
    Webhook-based feedback loops deliver real-time success or failure updates, ensuring CI pipelines maintain visibility into deployment outcomes. This eliminates delays caused by polling, enabling faster cycles and minimizing bottlenecks.

The 10x Engineer Approach

Split CI/CD with Feedback Loop to CI

Split CI/CD with Feedback Loop to CI

Split CI/CD with Feedback Loop to CI

1. Separation of CI and CD with Feedback Loop to CI

  • Artifact Consistency: Build artifacts once during CI and store them in a private registry. These artifacts are pulled consistently across environments (e.g., dev, staging, production), eliminating drift.

  • Controlled Access: CI tools don’t need direct permissions to deploy. Instead, deployment targets (e.g., Kubernetes clusters) pull artifacts securely.



2. Elimination of Public Endpoints

  • Private Connectivity: All resources are accessed securely through Zero Trust solutions (e.g., Twingate).

  • Zero Trust Principles: Fine-grained access controls ensure only authorized components can interact, reducing the attack surface.



3. Removal of Dangerous Permissions

  • Pull-Based Deployments: Deployment tools (like ArgoCD or FluxCD) pull artifacts instead of CI tools pushing changes. This removes the need for CI to hold dangerous permissions.

  • Least Privilege: Resources authenticate securely using minimal permissions and headless clients.



4. Immediate Feedback via Webhooks

  • Scoped Permissions: CI tools retain limited, read-only access to production, scoped specifically to check deployment status.

  • Clear Feedback: Webhooks provide real-time success or failure updates, ensuring CI pipelines can immediately confirm deployment outcomes.

Here are the Steps to Implement the 4th Option

Here are the Steps to Implement the 4th Option

Here are the Steps to Implement the 4th Option

1

Set Up a Private Artifact Registry

Use solutions like AWS ECR, GCP Artifact Registry, or JFrog Artifactory.

2

Secure Artifact Access:

Use Zero Trust tools that can be automatically deployed with IaC (e.g., Twingate) to enable private, secure access for deployment targets.

3

Adopt Pull-Based Deployments:

Deploy using tools like ArgoCD or FluxCD. Targets authenticate via secure, headless clients.

4

Integrate Immediate Feedback:

Configure webhooks to notify the CI system of deployment outcomes.

Zero Trust Implementation

10x Engineer
Implementation

10x Engineer
Implementation

10x Engineer
Implementation

While its implementation requires careful design and expertise, the result is a secure, scalable, and efficient CI/CD process.

  • Neel Palrecha

    Neel Palrecha

    CTO

    “WFH made it clear that our old solution wasn't going to scale. We were surprised at how easy it was to get Twingate up, and we're excited to roll it out to the whole company.“

    Bob Bousquet

    Director of IT

    “Twingate had faster speeds than any other solution we evaluated. They make zero trust easy and our users are loving the experience.”

    Luis Zaldivar

    SRE Manager

    “We got set up in literally 30 minutes and Twingate has easily scaled to manage our most complex workflows. Even our engineers love it - and that's a high bar.”

    Emery Wells

    CEO

    “Our old VPN was giving us serious issues and causing flaky Zoom calls with everyone working remotely. It drove me and my team crazy. Twingate couldn't come soon enough.”

    Christian Trummer

    CTO

    “We evaluated several competing vendors for zero trust and Twingate was clearly the easiest to deploy. We got Twingate up in minutes.”

    Paul Guthrie

    Information Security Officer

    “We've invested heavily in automation at Blend and Twingate is a powerful platform that allows us to programmatically deploy and maintain a zero trust approach to our infrastructure.”