This web page provides a walkthrough for the "Intro to Pipeline Automation" room on TryHackMe, covering topics such as DevOps pipelines, source code and version control, dependency management, automated testing, continuous integration and delivery, and environments.
Abstract
The web page titled "TryHackMe | Intro to Pipeline Automation | WriteUp" is a guide for users to learn about pipeline automation and its security implications. The page covers various topics related to DevOps pipelines, including source code and version control, dependency management, automated testing, continuous integration and delivery, and environments. The guide is structured as a series of tasks, each with a question and answer format, to help users understand the concepts and apply them in practice. The page also includes links to external resources and a YouTube video for further learning.
Bullet points
The web page is a walkthrough for the "Intro to Pipeline Automation" room on TryHackMe.
The guide covers various topics related to DevOps pipelines, including source code and version control, dependency management, automated testing, continuous integration and delivery, and environments.
The guide is structured as a series of tasks, each with a question and answer format.
The page includes links to external resources and a YouTube video for further learning.
The guide aims to help users understand the concepts of pipeline automation and apply them in practice.
The guide also covers potential security risks associated with pipeline automation.
The guide is intended for users who are interested in learning about pipeline automation and its security implications.
TryHackMe | Intro to Pipeline Automation | WriteUp
This room provides an introduction to DevOps pipeline automation and the potential security concerns
Humans are always looking for simpler and more efficient ways to do things. Just as we started programming and developing software, we were looking for ways to automate some of the tasks. Today, automation is heavily ingrained in the Software Development Life Cycle (SDLC) and DevOps processes. While this is incredibly good for production, allowing for faster development and deployment, it does, however, introduce new security risks. When these processes are manual, an attacker would have to compromise the credentials or workstation of the individual that performed the relevant process. However, with automation, an attacker can now go after the pipeline itself.
I’m ready to learn about pipeline automation and how to make sure it is secure!
No answer needed
Task 2 DevOps Pipelines Explained
Where in the pipeline is our end product deployed?
Environments
Task 3 Source Code and Version Control
Who is the largest online provider of Git?
Github
What popular Git product is used to host your own Git server?
Gitlab
What tool can be used to scan the commits of a repo for sensitive information?
GittyLeaks
Task 4 Dependency Management
What do we call the type of dependency that was created by our organisation? (Internal/External)
Internal
What type of dependency is JQuery? (Internal/External)
External
What is the name of Python’s public dependency repo?
PyPi
What dependency 0day vulnerability set the world ablaze in 2021?
Log4j
Task 5 Automated Testing
What type of tool scans code to look for potential vulnerabilities?
SAST
What type of tool runs code and injects test cases to look for potential vulnerabilities?
DAST
Can SAST and DAST be used as a replacement for penetration tests? (Yea,Nay)
Nay
Task 6 Continuous Integration and Delivery
What does CI in CI/CD stand for?
Continuous Integration
What does CD in CI/CD stand for?
Continuous Delivery
What do we call the build infrastructure element that controls all builds?
Build Orchestrator
What do we call the build infrastructure element that performs the build?
Build Agent
Task 7 Environments
Which environment usually has the weakest security configuration?
DEV
Which environment is used to test the application?
UAT
Which environment is similar to PROD but is used to verify that everything is working before it is pushed to PROD?
PrePROD
What is a common class of vulnerabilities that is discovered in PROD due to insecure code creeping in from DEV?
Developer Bypasses
Task 8 Challenge
What is the flag received after successfully building your pipeline?
THM{Pipeline.Automation.Is.Fun}
Task 9 Conclusion
I understand the basic pipeline structure, and I’m ready to do a deep dive into each element!