Infrastructure Testing at Scale in CI/CD

Agile enterprises are constantly facing new challenges when it comes to embedding security in the Cl/CD DevOps processes. One of the main pros of adopting DevOps is gaining speed but that does not always match with having thorough security checks, especially when those checks are performed manually for each release/build. How does the new deployment affect the exposure of the environment where the application running? - New binaries - New logging mechanisms - New log files - New monitoring - New permissions - New configurations - New secrets How do we make sure that the environment is safe and does not introduce new privilege escalation vulnerabilities for example? Answering these questions for each machine in a landscape of thousands of VMs, images and IP addresses is not an easy manual task. In this talk, we want to share how we solved the issue in a large agile organisation like ING, and present our solution and approach to automate infrastructure testing in a Cl/CD environment built on top of Ansible and STRIDE.