Management?](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2?ts=markdown) * [CICD-SEC-2: Inadequate Identity and Access Management Explained](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#inadequate-identity?ts=markdown) * [Importance of Identity and Access Management in CI/CD](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#importance?ts=markdown) * [Preventing Inadequacy in Identity and Access Management](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#preventing-inadequacy?ts=markdown) * [Best Practices for IAM in CI/CD](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#best-practices?ts=markdown) * [Inadequate Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#faq?ts=markdown) * [What Is Improper Artifact Integrity Validation?](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9?ts=markdown) * [CICD-SEC-9: Improper Artifact Integrity Validation Explained](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#artifact?ts=markdown) * [Importance of Artifact Integrity Validation in CI/CD](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#importance?ts=markdown) * [Preventing Improper Artifact Integrity Validation](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#improper?ts=markdown) * [Industry Practices to Promote Artifact Integrity in CI/CD](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#promote?ts=markdown) * [Improper Artifact Integrity Validation FAQs](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#faqs?ts=markdown) * [What Is Dependency Chain Abuse?](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3?ts=markdown) * 
[CICD-SEC-3: Dependency Chain Abuse Explained](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#cicd-sec?ts=markdown) * [Importance of Secure Dependency Chains in CI/CD](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#importance?ts=markdown) * [Identifying Signs of Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#identifying-signs?ts=markdown) * [Preventing Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#preventing?ts=markdown) * [Additional Practices for Dependency Chain Security](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#additional-practices?ts=markdown) * [Dependency Chain Abuse FAQs](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#faq?ts=markdown) * [Anatomy of a Cloud Supply Pipeline Attack](https://www.paloaltonetworks.com/cyberpedia/anatomy-ci-cd-pipeline-attack?ts=markdown) # What Is the CI/CD Pipeline? 7 min. 
read [AppSec's New Horizon: A Virtual Event](https://start.paloaltonetworks.com/appsecs-new-horizon-virtual-event.html) Table of Contents * * [CI/CD Pipeline Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-pipeline?ts=markdown) * [How CI/CD Works: A Day in the Life of the Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#how-ci-cd-works?ts=markdown) * [Stages of a CI/CD Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#stages-of-a-ci-cd-pipeline?ts=markdown) * [Types of CI/CD Pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#types-of-ci-cd-pipelines?ts=markdown) * [CI/CD in the Cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-in-the-cloud?ts=markdown) * [CI/CD Pipeline Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#best-practices?ts=markdown) * [CI/CD Pipeline KPIs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-pipeline-kpis?ts=markdown) * [CI/CD Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-tools?ts=markdown) * [Security in CI/CD](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#security-in-ci-cd?ts=markdown) * [CI/CD Trends on the Horizon](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-trends-on-the-horizon?ts=markdown) * [CI/CD Pipeline FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#faq?ts=markdown) 1. 
CI/CD Pipeline Explained * * [CI/CD Pipeline Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-pipeline?ts=markdown) * [How CI/CD Works: A Day in the Life of the Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#how-ci-cd-works?ts=markdown) * [Stages of a CI/CD Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#stages-of-a-ci-cd-pipeline?ts=markdown) * [Types of CI/CD Pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#types-of-ci-cd-pipelines?ts=markdown) * [CI/CD in the Cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-in-the-cloud?ts=markdown) * [CI/CD Pipeline Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#best-practices?ts=markdown) * [CI/CD Pipeline KPIs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-pipeline-kpis?ts=markdown) * [CI/CD Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-tools?ts=markdown) * [Security in CI/CD](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#security-in-ci-cd?ts=markdown) * [CI/CD Trends on the Horizon](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-trends-on-the-horizon?ts=markdown) * [CI/CD Pipeline FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#faq?ts=markdown) A continuous integration and continuous delivery/deployment (CI/CD) pipeline is a series of steps that software delivery undergoes from code creation to deployment. 
Foundational to [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown), CI/CD streamlines application development through automation of repetitive tasks, which enables early bug detection, reduces manual errors, and accelerates software delivery.

## CI/CD Pipeline Explained

CI/CD encompasses a series of automated processes --- from code development to production deployment --- that enable frequent and reliable delivery of code changes to the production environment. It forms the backbone of DevOps, a shift in software development that emphasizes collaboration between development and operations teams to ultimately shorten the development lifecycle without compromising software quality.

Embodying the core principles of DevOps, the CI/CD pipeline bridges the gap between development, testing, and operations. In this collaborative environment, CI/CD promotes a culture of shared responsibility for a product's quality and timely delivery.

![Various steps in the CI/CD pipeline](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/various-steps-in-the-ci-cd-pipeline.png "Various steps in the CI/CD pipeline")

*Figure 1: Various steps in the CI/CD pipeline*

### Continuous Integration (CI)

Continuous integration (CI) is a practice in [software development](https://www.paloaltonetworks.com/cyberpedia/what-is-secure-software-development-lifecycle?ts=markdown) where developers regularly merge their code changes into a central repository. After each merge, automated build and test processes run to ensure integration of the new code with the existing codebase --- without introducing errors. In doing so, CI minimizes the historic struggle with merging changes at the end of a development cycle.

### Continuous Delivery and Deployment (CD)

Continuous delivery and continuous deployment, both abbreviated as CD, deal with the stages following CI.
Continuous delivery automates the release process, maintaining a state where any version of the software can be deployed to a production environment at any given time. It keeps the software in a deployable state, despite constant changes. Continuous deployment goes a step further by automatically deploying every change that passes the automated tests to production, minimizing lead time.

Both continuous delivery and continuous deployment involve automatically deploying the application to various environments, such as staging and production, using predefined infrastructure configurations. The CD pipeline incorporates additional testing, such as integration, performance, and security assessments, to guarantee the quality and reliability of the application.

**Continuous Delivery Vs. Continuous Deployment**

The primary difference between continuous delivery and deployment lies in the final step of moving changes to production. In continuous delivery, the final step of deployment is a manual process, providing a safety net for catching potential issues that automated tests might miss. In contrast, continuous deployment automates the entire pipeline, including the final deployment to production, requiring a strict testing and monitoring setup to identify and fix issues.

In other words, CI/CD can refer to one of two approaches.

1. Continuous integration and continuous delivery (CI/CD)
2. Continuous integration and continuous deployment (CI/CD)

By implementing a CI/CD pipeline, organizations can achieve faster time-to-market, continuous feedback loops, and improved software quality. CI/CD empowers development, operations, and security teams to work together, enabling the delivery of secure, stable, and highly performant applications.
![CI/CD division of steps in the pipeline](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ci-cd-division-of-steps-in-the-pipeline.png "CI/CD division of steps in the pipeline")

*Figure 2: CI/CD division of steps in the pipeline*

## How CI/CD Works: A Day in the Life of the Pipeline

The CI/CD pipeline's day begins with a developer's first cup of coffee. As the developer settles in, they pull the latest code from the version control system, Git. Equipped with the most recent changes, they dive into the day's work --- crafting new features and squashing bugs.

Once the developer completes their task, they commit their changes to a shared repository. This action sets the CI/CD pipeline in motion. The pipeline, configured with webhooks, detects the commit and triggers the build stage. Using a tool like Jenkins or CircleCI, the pipeline compiles the source code into an executable. If the codebase is a Java application, for instance, this would involve running a Maven or Gradle build.

Next, the pipeline packages the application into a deployable artifact. For a web application, this might involve creating a Docker image. The pipeline then pushes this image to a Docker registry, such as Docker Hub or a private registry hosted on AWS ECR or Google Container Registry.

With the build complete, the pipeline moves to the test stage and spins up a test environment, often using a container orchestration tool like Kubernetes. It deploys the application to this environment and runs a suite of automated tests. These tests could include unit tests run by JUnit, integration tests run by a tool like Postman, and end-to-end tests run by Selenium.

Assuming the tests pass, the pipeline proceeds to the deployment stage where it tears down the test environment and spins up a production environment.
The pipeline then deploys the application to this environment, often using a blue/green deployment strategy to minimize downtime and facilitate quick rollback when needed.

![Figure 3: The cyclical nature of the continuous integration and continuous delivery/deployment pipeline](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/continuous-integration-delivery-deployment-pipeline.png "Figure 3: The cyclical nature of the continuous integration and continuous delivery/deployment pipeline")

*Figure 3: The cyclical nature of the continuous integration and continuous delivery/deployment pipeline*

Throughout the day, the pipeline repeats this process for each new commit. It also handles tasks such as managing database migrations with tools like Flyway or Liquibase, running [static code analysis](https://www.paloaltonetworks.com/cyberpedia/what-is-sast-static-application-security-testing?ts=markdown) with SonarQube, and even autoscaling the production environment based on traffic patterns.

The pipeline also provides real-time feedback to the development team. It sends notifications of build results to a Slack channel, creates tickets in Jira for failed builds, and updates a dashboard with real-time metrics on the pipeline's performance.

As the day ends, the CI/CD pipeline stands ready for the next commit, continuing its mission to deliver high-quality software at a rapid pace. The pipeline's day may be repetitive, but each repetition brings the team nearer their goal of delivering value to users.

## Stages of a CI/CD Pipeline

As a technology-driven process, CI/CD integrates with version control systems, build servers, and other development tools. The standard pipeline comprises several stages, each designed to validate the code from different angles and confirm its readiness for deployment.

When a developer commits code to the version control repository, the pipeline springs into action, automating the source, build, test, and deploy stages.
**Source Phase**

The source stage involves the version control system where developers commit their code changes. The CI/CD pipeline monitors the repository and triggers the next stage when a new commit is detected. Git, Mercurial, and Subversion are popular version control systems.

**Build Phase**

During the build stage, the CI/CD pipeline compiles the source code and creates executable artifacts. The build stage may also involve packaging the code into a Docker container or another format suitable for deployment. The build process should be repeatable and consistent to provide reliability.

**Test Phase**

The test phase of the CI/CD pipeline involves running a series of automated tests on the built artifacts. Tests can include unit tests, integration tests, and end-to-end tests. Test automation is crucial at this stage to quickly identify and fix issues.

**Deploy Phase**

The deploy stage is the final stage of the CI/CD pipeline. With a continuous delivery setup, the deploy stage prepares the release for manual deployment. In a continuous deployment setup, the pipeline automatically deploys the release to the production environment.

## Types of CI/CD Pipelines

A CI/CD pipeline for a simple program typically involves stages like source, build, test, and deploy. Developers commit code to a version control system like Git. The pipeline triggers a build process to compile the code and create artifacts. Automated tests run against these artifacts for quality assurance. If tests pass, the pipeline deploys the artifacts to a production environment. Tools like Jenkins, CircleCI, or GitLab CI/CD can orchestrate this process.

### Cloud-Native CI/CD Pipelines

A [cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) CI/CD pipeline leverages the inherent modularity of [microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) to facilitate independent development and deployment.
Each microservice has its own pipeline, allowing for isolated testing, building, and deployment, which reduces the risk of cascading failures and enhances the speed of delivery.

Security in the microservices-based pipeline is enforced at multiple levels, one of which involves treating each microservice as a potential security boundary with its own set of permissions and controls. Following [container security practices](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security?ts=markdown) such as image scanning and [runtime protection](https://www.paloaltonetworks.com/cyberpedia/what-is-cwpp-cloud-workload-protection-platform?ts=markdown) safeguards the integrity of microservices. A common cloud-native pipeline technology, service meshes like Istio or Linkerd provide a uniform way to secure, connect, and monitor microservices by enabling mutual TLS and similar features for service-to-service communication.

Cloud-native CI/CD pipelines leverage cloud-based tools for code repositories, build servers, and deployment targets. A pipeline in AWS, for instance, might use CodeCommit for source control, CodeBuild for building and testing, and CodeDeploy for deployment. These pipelines can scale on demand, integrate with cloud-native features, and offer pay-as-you-go pricing.

### Kubernetes-Native Pipelines

Kubernetes' extensible architecture aligns with CI/CD principles, supporting rapid and reliable application delivery. The Kubernetes-native pipeline operates directly within a Kubernetes cluster, leveraging its features for orchestration, scaling, and management of containerized applications. It can deploy [containerized applications](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown) across multiple clusters, handle rollbacks, and manage service discovery. The pipeline stages, including building, testing, and deploying, are run as Kubernetes jobs or pods, providing isolation and resource control.
Security in Kubernetes-native pipelines involves Kubernetes-specific practices. Role-based access control (RBAC) is used to limit the permissions of pipeline stages, reducing the blast radius of potential security issues. Pod security policies can fortify the [security posture](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) by restricting the capabilities of containers running the pipeline stages.

CI/CD tools like Jenkins X, Tekton, and Argo CD are designed for Kubernetes-native pipelines, offering features like environment promotion via GitOps and preview environments for pull requests.

### CI/CD Pipeline for a Monorepo

A monorepo is a repository that contains more than one logical project. The CI/CD pipeline for a monorepo needs to efficiently handle changes across multiple projects. It should only build and test the projects affected by a commit, not the entire repository.

Developers can use advanced CI/CD tools like Bazel or Google's Cloud Build to create a dependency graph of the codebase from which they can then rebuild and retest only the parts of the codebase that depend on the changed code.

Security in a monorepo CI/CD pipeline prevents changes from affecting other components. Automated testing and static code analysis identify potential security issues early in the pipeline. Code review practices should be vigorous to maintain the integrity of the monorepo.

## CI/CD in the Cloud

Cloud platforms offer powerful capabilities for implementing CI/CD pipelines, including unlimited scalability, high availability, and inherent disaster recovery mechanisms. The elasticity of cloud resources supports the dynamic scaling of CI/CD processes based on [workload](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown), promoting efficiency and cost optimization. CI/CD in the cloud also supports distributed development teams, enhancing collaboration, and enabling a global software development approach.
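Returning to the monorepo pipeline described above, the following added example (not code from this page, Bazel, or Cloud Build) shows how a dependency graph yields the set of projects a commit affects, which is also the set whose tests and security scans must run. The project names, the graph, and the rule that a file owned by no project triggers a full run are assumptions made for illustration.

```python
from collections import deque

# Constructed sample monorepo (hypothetical names): project -> projects it depends on.
DEPENDS_ON = {
    "libs/auth": [],
    "libs/logging": [],
    "libs/payments-client": ["libs/auth", "libs/logging"],
    "services/checkout": ["libs/payments-client"],
    "services/profile": ["libs/auth"],
    "services/search": ["libs/logging"],
    "tools/docs-site": [],
}


def owning_project(path, projects):
    """Return the project whose directory contains `path`, or None."""
    # The longest matching prefix wins so nested project directories resolve correctly.
    matches = [p for p in projects if path == p or path.startswith(p + "/")]
    return max(matches, key=len) if matches else None


def reverse_graph(depends_on):
    """Invert the edges: project -> projects that depend on it directly."""
    dependents = {project: set() for project in depends_on}
    for project, deps in depends_on.items():
        for dep in deps:
            if dep not in dependents:
                raise ValueError(f"{project} depends on unknown project {dep}")
            dependents[dep].add(project)
    return dependents


def affected_projects(changed_files, depends_on):
    """Return (affected, unowned) for a commit touching `changed_files`.

    `affected` holds the changed projects plus every transitive dependent;
    `unowned` lists changed files that sit outside every project directory.
    """
    dependents = reverse_graph(depends_on)
    affected, unowned, queue = set(), [], deque()
    for path in changed_files:
        project = owning_project(path, depends_on)
        if project is None:
            unowned.append(path)
        elif project not in affected:
            affected.add(project)
            queue.append(project)
    # Breadth-first walk; the `affected` set also stops the walk on dependency cycles.
    while queue:
        current = queue.popleft()
        for dependent in dependents[current]:
            if dependent not in affected:
                affected.add(dependent)
                queue.append(dependent)
    return sorted(affected), unowned


def plan(changed_files, depends_on):
    """Projects to rebuild and retest for this commit.

    Assumption: the plan fails closed. A changed file that no project owns
    (shared CI configuration, for instance) schedules every project.
    """
    affected, unowned = affected_projects(changed_files, depends_on)
    if unowned:
        return sorted(depends_on)
    return affected


if __name__ == "__main__":
    print(plan(["libs/auth/token.py"], DEPENDS_ON))
```

A change to a shared library such as `libs/auth` pulls in every service that reaches it through the graph, which makes the blast radius of a commit visible before anything is built.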
### CI/CD in AWS

Amazon Web Services (AWS) provides a suite of tools for implementing a CI/CD pipeline. AWS CodeCommit, a fully managed source control service, hosts secure Git repositories, facilitating collaborative coding and version control. AWS CodeBuild, a managed build service, compiles source code, runs tests, and produces ready-to-deploy software packages.

AWS CodePipeline, a continuous integration and continuous delivery service, orchestrates the workflow from source code to deployment, allowing you to model, visualize, and automate your software release process. AWS CodeDeploy, an automated deployment service, facilitates application deployments to various AWS services like Amazon EC2, AWS Lambda, and Amazon ECS. AWS also integrates with popular open-source tools, providing a flexible and comprehensive CI/CD solution.

### CI/CD in Azure

Azure Pipelines, a cloud service, supports both continuous integration and continuous delivery and is compatible with any language and platform, providing a versatile solution for diverse development environments. Azure Repos provides unlimited cloud-hosted private Git repositories, enabling teams to collaborate and manage their code effectively.

Azure Test Plans is a comprehensive solution for managing, tracking, and planning testing efforts, ensuring the delivery of high-quality software. Azure also offers a range of extensions and integrations with popular open-source tools, enhancing its capabilities as a CI/CD platform.

### CI/CD in Google Cloud

Google Cloud Platform (GCP) offers Cloud Build for CI/CD, a serverless product that enables developers to build, test, and deploy software in the cloud. Cloud Build allows you to define custom workflows for building, testing, and deploying across multiple environments such as VMs, serverless, Kubernetes, or Firebase.

Google Cloud Source Repositories, a single place for teams to store, manage, and track code, offers a secure, scalable, and highly available Git repository.
GCP also integrates with popular open-source tools like Git, Jenkins, and Spinnaker, providing a flexible and customizable CI/CD solution.

### CI/CD in IBM Cloud

IBM Cloud offers a comprehensive set of tools for implementing a CI/CD pipeline. IBM Cloud Continuous Delivery service provides toolchains that include open tool integrations and templates to automate building, deploying, and managing applications.

IBM Cloud Code Engine is a fully managed serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions, or batch jobs. IBM Cloud also integrates with popular open-source tools like Git, Jenkins, and Tekton, making it a versatile choice for CI/CD implementation.

## CI/CD Pipeline Best Practices

To enhance your DevOps workflow and software delivery, incorporate the following best practices into your development lifecycle.

### Single Source Repository

A single source repository serves as your source code management (SCM) system, centralizing the storage of all the necessary files and scripts required to create builds. The repository should include everything from source code, database structure, and libraries to properties files and version control. It should also house test scripts and scripts to build applications.

Working from a single source repository enhances collaboration, promotes consistency, simplifies version control, reduces the risk of conflicts, and makes it easier to track changes.

### Build Once

Compile the code and create build artifacts only once and then promote the artifacts through the pipeline. This practice promotes consistency by preventing discrepancies that might arise from building the code at every stage.

### Automate Build Process

The practice of automated builds, or converting code into a deployable artifact, reduces human error and accelerates the development process.
Your build scripts should be comprehensive, allowing you to build everything from a single command --- web server files, database scripts, application software, etc. The CI processes should automatically package and compile the code into a usable application.

### Prioritize Automation Efforts

Automate as much as possible, from code integration, testing, and deployment to infrastructure provisioning and configuration. Automation increases efficiency while guaranteeing repeatability.

Once developers push code to the shared repository, the CI server automatically triggers a build-and-test process, highlighting any issues on the fly. The process significantly lessens the time and effort spent on manual integration, leaving developers free to focus on code enhancements.

### Test Early and Often

Incorporate automated testing into the early stages of the pipeline. Run unit tests after the build stage, followed by integration tests and end-to-end tests. Design testing scripts to yield a failed build if code fails the test.

### Use Clone-Testing Environments

Conduct testing in an environment that mirrors the production environment rather than testing new code in the live production version. Use rigorous testing scripts in this cloned environment to detect and identify bugs that may have slipped through the initial prebuild testing process.

### Deploy Frequently

Frequent deployments reduce the batch size of changes, making it easier to identify and fix issues. They also accelerate feedback, make rollbacks more feasible, and reduce the time to deliver value to users.

### Make the CI/CD Pipeline the Only Way to Deploy

Disallow manual deployments to production. All changes should go through the pipeline to ensure that every change is tested, consistent, and traceable.

### Demand Visibility

Development teams should have access to the latest executables, as well as a line of sight to any changes made to the repository.
Version control should be used to manage handoffs so that developers know which version is the latest.

### Optimize Feedback Loop

Enable the pipeline to provide quick and useful feedback. Developers should be notified immediately if their changes break the build or fail tests. Fast feedback enables quick remediation and keeps the pipeline flowing.

### Clean Environments with Every Release

Automate the cleanup of testing and staging environments after each release to save resources and allow each deployment to start with a clean state.

## CI/CD Pipeline KPIs

### Cycle or Deployment Time

Cycle time, also known as deployment time, measures the duration from code commit to production deployment. It's a key indicator of the efficiency of the CI/CD pipeline. Shorter cycle times mean faster delivery of value to users and quicker feedback for developers.

### Development Frequency

Development frequency refers to how often code changes are committed to the version control system. High development frequency indicates an active development process associated with smaller, manageable changes that reduce the risk of errors.

### Change Lead Time

Change lead time measures the period from when a change is committed to when it's deployed, as a measure of the speed of the CI/CD pipeline. Shorter lead times mean quicker realization of value and faster feedback loops.

### Change Failure Rate

Change failure rate is the percentage of changes that result in a failure in production. A low change failure rate indicates a high-quality software delivery process. Factors such as testing quality, code review practices, and deployment practices influence change failure rate.

### MTTR Vs. MTTF

Mean time to recovery (MTTR) and mean time to failure (MTTF) reflect the reliability of the CI/CD pipeline. MTTR measures the average time it takes to recover from a failure, while MTTF measures the average time between failures. Lower MTTR and higher MTTF indicate a more reliable pipeline.
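The KPIs above can be computed directly from deployment and incident records. This added example (not from the original page) does so over constructed sample data; the record fields are assumptions, commit-to-deploy time stands in for both cycle time and change lead time, and MTTF is taken as the gap between the starts of consecutive failures.

```python
from datetime import datetime
from statistics import mean, median


def ts(text):
    """Parse a 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample records (hypothetical field names), one per production change.
CHANGES = [
    {"id": "c1", "committed": ts("2024-03-04 09:00"), "deployed": ts("2024-03-04 10:00"), "failed": False},
    {"id": "c2", "committed": ts("2024-03-04 13:00"), "deployed": ts("2024-03-04 15:00"), "failed": True},
    {"id": "c3", "committed": ts("2024-03-05 09:30"), "deployed": ts("2024-03-05 10:00"), "failed": False},
    {"id": "c4", "committed": ts("2024-03-06 11:00"), "deployed": ts("2024-03-06 15:00"), "failed": True},
    {"id": "c5", "committed": ts("2024-03-07 08:00"), "deployed": ts("2024-03-07 08:30"), "failed": False},
]
# Constructed production incidents; `recovered` is None while an incident is still open.
INCIDENTS = [
    {"change": "c2", "started": ts("2024-03-04 15:10"), "recovered": ts("2024-03-04 15:40")},
    {"change": "c4", "started": ts("2024-03-06 15:10"), "recovered": ts("2024-03-06 16:40")},
]


def minutes(delta):
    return delta.total_seconds() / 60


def lead_times(changes):
    """Commit-to-production time per change, in minutes."""
    result = []
    for change in changes:
        if change["deployed"] < change["committed"]:
            # Usually clock skew or a bad join between SCM and deploy logs.
            raise ValueError(f"{change['id']}: deployed before committed")
        result.append(minutes(change["deployed"] - change["committed"]))
    return result


def change_failure_rate(changes):
    """Percentage of changes that resulted in a production failure."""
    if not changes:
        return None
    failed = sum(1 for change in changes if change["failed"])
    return 100.0 * failed / len(changes)


def mttr(incidents):
    """Mean minutes from failure to recovery; open incidents are excluded."""
    durations = [minutes(i["recovered"] - i["started"])
                 for i in incidents if i["recovered"] is not None]
    return mean(durations) if durations else None


def mttf(incidents):
    """Mean minutes between the starts of consecutive failures."""
    starts = sorted(i["started"] for i in incidents)
    gaps = [minutes(later - earlier) for earlier, later in zip(starts, starts[1:])]
    return mean(gaps) if gaps else None


def pipeline_kpis(changes, incidents):
    times = lead_times(changes)
    return {
        "mean_lead_time_min": mean(times) if times else None,
        "median_lead_time_min": median(times) if times else None,
        "change_failure_rate_pct": change_failure_rate(changes),
        "mttr_min": mttr(incidents),
        "mttf_min": mttf(incidents),
    }


if __name__ == "__main__":
    for name, value in pipeline_kpis(CHANGES, INCIDENTS).items():
        print(f"{name}: {value}")
```

Reporting the median next to the mean keeps one slow change, such as `c4` here, from hiding the typical lead time.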
![Video 1: Shifting toward modernized methodologies with new tech and DevOps](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/shifting-toward-modernized-methodologies-with-new-tech-and-devops.png)

Video 1: Shifting toward modernized methodologies with new tech and DevOps

## CI/CD Tools

### Continuous Integration Tools

**Codefresh**

Codefresh, a CI/CD platform designed for Kubernetes, supports the complete lifecycle of application development from commit to deployment. Its distinctive Docker-native infrastructure enables fast and isolated builds, providing a versatile environment for developing, testing, and deploying containerized applications.

**Bitbucket Pipelines**

Bitbucket Pipelines is an integrated CI/CD service built into Bitbucket. It allows development teams to automatically build, test, and deploy code based on a configuration file in their repository. Its tight integration with Bitbucket and the Atlassian suite of tools can significantly improve the workflow for teams already embedded in the Atlassian ecosystem.

**Jenkins**

Jenkins is an open-source automation server that enables developers to reliably build, test, and deploy their software. It offers extensive plugin support and distributed builds, making it a highly flexible tool for complex CI/CD pipelines.

**CircleCI**

CircleCI is a modern continuous integration and delivery platform that supports rapid software development and release. With the focus on simplicity and efficiency, CircleCI offers smart automatic caching, parallelism, and job orchestration to optimize the software delivery process.

**Bamboo**

Bamboo, another tool from the Atlassian suite, provides continuous integration and delivery capabilities, with built-in Git and JIRA software integration. Though not as extensible as Jenkins, Bamboo's out-of-the-box features offer a more straightforward setup to development teams needing a fast and simple implementation.
**GitLab CI**

GitLab CI, an integral part of GitLab, is a robust solution that supports the entire DevOps lifecycle. GitLab CI offers flexible pipeline configurations and tight integration with GitLab's source control and issue tracking, providing an all-in-one solution for software development and deployment.

### Continuous Delivery and Deployment Tools

**Codefresh**

Codefresh, besides providing CI capabilities, also supports continuous delivery. Its environment isolation and Helm chart support allow efficient and reliable delivery of Kubernetes applications.

**Argo CD**

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It leverages Git repositories as a source of truth for defining applications and automatically syncs the application when changes are detected in the repository.

**GoCD**

GoCD is an open-source tool specialized in modeling and visualizing complex workflows for continuous delivery. Its value stream map visualizes the entire path from commit to deployment, fostering better understanding and control over the software delivery process.

**AWS CodePipeline**

AWS CodePipeline is a fully managed continuous delivery service that automates release pipelines for fast and reliable application updates. As part of the AWS suite, CodePipeline seamlessly integrates with other AWS services, allowing for effective management and automation of the entire release process within the AWS ecosystem.

**Azure Pipelines**

Azure Pipelines, part of Microsoft's Azure DevOps services, is a cloud service that provides CI/CD capabilities for applications of any language and platform. It's notable for its broad integration capabilities, able to work with most popular tools and services in the development landscape, as well as its unlimited free build minutes for open-source projects.
**Spinnaker**

Spinnaker, a multicloud continuous delivery platform originally developed by Netflix, offers high configurability and powerful deployment capabilities across different cloud providers. With its focus on deployment, Spinnaker supports several strategies such as blue/green and canary releases, offering a high degree of control over the delivery process.

### Machine Learning CI/CD Applications

**MLOps**

MLOps, a compound of machine learning and operations, is designed to standardize and streamline the lifecycle of machine learning model development and deployment. It applies CI/CD principles to automate the testing, deployment, and monitoring of machine learning models, facilitating their reliable and consistent delivery.

**Synthetic Data Generation Techniques**

In machine learning development, synthetic data generation is a method to create data that mimics real data. Within CI/CD pipelines, this approach is valuable in testing machine learning models, as it provides a scalable and privacy-compliant method to evaluate models' performance and exhaustiveness.

**AIOps Platforms**

AIOps, short for artificial intelligence for IT operations, integrates AI and machine learning technologies into IT operations. In the context of CI/CD, AIOps can automate and enhance numerous operations tasks such as anomaly detection, event correlation, and root cause analysis, improving the efficiency and effectiveness of software delivery.
## Security in CI/CD

The speed and automation of CI/CD introduce new security risks, such as:

* Exposure of sensitive data
* Use of insecure third-party components
* Unauthorized access if CI/CD tools aren't properly secured

But by prioritizing [CI/CD security](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security?ts=markdown) and integrating security practices and tools throughout the pipeline, a practice known as [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown), organizations can ensure that the software they deliver is both functional and secure.

### Secure Coding Practices

Developers should uphold [secure coding](https://www.paloaltonetworks.com/cyberpedia/what-is-code-security?ts=markdown) practices to prevent introducing security vulnerabilities into the codebase. Practices to prioritize include input validation, proper error handling, and adherence to the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown).

### Security Testing

Integrate automated security testing into the CI/CD pipeline. Tests such as static code analysis, dynamic analysis, and penetration testing can help pinpoint security vulnerabilities before deploying the application.

### Security in Deployment

Secure the deployment process. Use secure protocols for data transmission, manage permissions and access controls during the deployment process, and monitor the application in production to detect any security incidents.

### Secure CI/CD Pipeline Architecture

A secure CI/CD pipeline architecture integrates security controls at each stage of the pipeline. Use secure repositories for source control, conduct security checks during the build process, run automated security tests, and ensure secure deployment practices.
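One form a build-stage security check can take, aimed at the "exposure of sensitive data" risk listed above: a gate that scans only the lines a change adds and fails the build when a credential appears. This is an added example, not code from the original page; the rule names, the entropy threshold, and the sample diff are assumptions, and the key in the sample is AWS's published documentation placeholder.

```python
import math
import re
from collections import Counter

# Pattern rules: (rule name, regex). Names are hypothetical labels for this example.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")),
]
# A quoted literal assigned to a credential-looking name.
ASSIGNMENT = re.compile(
    r"""(?i)\b(\w*(?:password|passwd|secret|token|api_?key)\w*)\s*[:=]\s*["']([^"']{8,})["']"""
)
# Values that are references or obvious dummies, not real secrets.
PLACEHOLDER = re.compile(r"(?i)^(?:\$\{.*\}|<.*>|changeme|example|x+|\*+)$")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


def shannon_entropy(value):
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def _check_line(text, threshold):
    hits = [name for name, rx in RULES if rx.search(text)]
    m = ASSIGNMENT.search(text)
    if m and not PLACEHOLDER.match(m.group(2)) and shannon_entropy(m.group(2)) >= threshold:
        hits.append("high-entropy-credential")
    return hits


def scan_diff(diff_text, entropy_threshold=3.5):
    """Return (path, new_line_number, rule) for each added line that trips a rule.

    The matched value is deliberately not returned, so the gate's own output
    does not copy the secret into build logs.
    """
    findings, path = [], None
    old_left = new_left = new_line = 0
    for raw in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:          # between hunks: headers only
            if raw.startswith("+++ "):
                path = raw[4:]
                path = path[2:] if path.startswith("b/") else path
            else:
                m = HUNK.match(raw)
                if m:
                    old_left = int(m.group(1)) if m.group(1) is not None else 1
                    new_line = int(m.group(2))
                    new_left = int(m.group(3)) if m.group(3) is not None else 1
            continue
        tag, text = raw[:1], raw[1:]
        if tag == "+":                                # added line: scan it
            findings += [(path, new_line, r) for r in _check_line(text, entropy_threshold)]
            new_line += 1
            new_left -= 1
        elif tag == "-":                              # removed line: not scanned
            old_left -= 1
        elif tag != "\\":                             # context line
            new_line += 1
            old_left -= 1
            new_left -= 1
    return findings


def gate(diff_text):
    """Exit status for the pipeline step: 1 blocks the build, 0 lets it pass."""
    findings = scan_diff(diff_text)
    return (1 if findings else 0), findings


# Constructed sample diff for illustration.
SAMPLE_DIFF = """\
diff --git a/deploy/config.py b/deploy/config.py
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -1,3 +1,5 @@
 import os
-REGION = "us-east-1"
+REGION = "us-west-2"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
 TIMEOUT = 30
diff --git a/deploy/app.env b/deploy/app.env
--- a/deploy/app.env
+++ b/deploy/app.env
@@ -2,2 +2,3 @@
 LOG_LEVEL=info
+api_token = "q7Zp2LmX9vRt4KsB8wYc"
 PORT=8080
"""

if __name__ == "__main__":
    status, found = gate(SAMPLE_DIFF)
    for path, line, rule in found:
        print(f"{path}:{line}: {rule}")
    raise SystemExit(status)
```

A secret that has already been committed stays in repository history even after a later change removes it, so a finding here should also trigger rotation of the credential.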
### Security in Infrastructure as Code

[Infrastructure as code (IaC)](https://www.paloaltonetworks.com/cyberpedia/what-is-iac?ts=markdown), a key practice in DevOps, involves managing and provisioning computing infrastructure through machine-readable definition files. [Security in IaC](https://www.paloaltonetworks.com/cyberpedia/what-is-iac-security?ts=markdown) involves managing these definition files and the infrastructure they create. Encrypt sensitive data, limit access to the IaC files, and regularly audit the infrastructure for security compliance.

## CI/CD Trends on the Horizon

### Microservices and Serverless Architectures

As organizations increasingly adopt microservices and [serverless architectures](https://www.paloaltonetworks.com/cyberpedia/what-is-serverless-security?ts=markdown), CI/CD pipelines will need to adapt to manage more complex deployments. This includes deploying and managing multiple interdependent services, each potentially using different technologies and deployment platforms.

### Artificial Intelligence and Machine Learning

AI and ML are increasingly being used to optimize CI/CD pipelines. Predicting and preventing potential issues, optimizing resource usage, and automating more complex tasks are some of the potential applications of AI and ML in CI/CD.

### Infrastructure as Code (IaC)

IaC is becoming a standard practice in DevOps. As IaC tools and practices mature, they will play an increasingly important role in CI/CD pipelines.

## CI/CD Pipeline FAQs

### What is configuration management?

Configuration management is a systems engineering process for establishing and maintaining consistency in a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.
In the context of software development, configuration management involves systematically managing, organizing, and controlling the changes in the documents, code, and other entities during the development process.

### What is meant by 'orchestrating the pipeline'?

Orchestrating the pipeline in CI/CD refers to the process of automating and managing the sequence of tasks that take place from the moment code is committed to when it's deployed. Orchestration aims to enhance the efficiency and reliability of the pipeline by:

* Streamlining these processes
* Ensuring they occur in the correct order
* Handling any dependencies between tasks

Jenkins, CircleCI, and Bamboo are common CI/CD tools for pipeline orchestration. Kubernetes is also increasingly used for this purpose, especially in microservices architectures.

### What is an artifact repository?

An artifact repository is a storage location for binary and other software artifacts produced during the software development process. It can include compiled code, libraries, modules, server images, or container images. Artifact repositories like JFrog Artifactory or Sonatype Nexus provide version control, metadata, and other features, making it easier to store, retrieve, and manage these artifacts.

### What is version control?

Version control, also known as source control, is a system that records changes to a file or set of files over time so that specific versions can be recalled later. It allows you to revert selected files back to a previous state, revert the entire project back to a previous state, compare changes over time, see who last modified something that might be causing a problem, and more.

### What is meant by 'a single source of truth'?

Maintaining a single source of truth in CI/CD means having one view of information that everyone considers as the definitive version.
Typically referring to the codebase in a version control system like Git, a single source of truth guarantees that development and operations team members work with the same data, reducing inconsistencies and conflicts. The single source of truth provides a reliable basis for building, testing, and deploying software.

### What are pipeline-based access controls?

[Pipeline-based access controls](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5?ts=markdown) are security measures that regulate who can interact with a CI/CD pipeline and how. They can limit who can trigger a pipeline, make changes to its configuration, or access the build results. These controls are crucial for maintaining the integrity of the development and deployment process, preventing unauthorized changes, and maintaining compliance with security policies.

### What are branching strategies for CI/CD?

Branching strategies for CI/CD include feature branching, where new features are developed in separate branches and then merged into the main branch; trunk-based development, where developers work on a single branch with short-lived feature branches; and Gitflow, which uses separate branches for development, staging, and production, each serving a different stage in the CI/CD pipeline.

### What is trunk-based development?

Trunk-based development is a software development approach where all developers work on a single branch, often called 'main' or 'trunk'. Developers frequently integrate their changes into this main branch, usually once a day, promoting integration and reducing the complexity of merges.

### What is ua-parser-js?

A lightweight JavaScript library, ua-parser-js detects browser, engine, OS, CPU, and device type and model from user-agent data.
The library can prove useful for analytics, serving different webpages or resources based on the user's environment, or other situations where understanding the user's browser and device enhances the user experience or provides useful metrics.

### What is a continuous delivery maturity model?

A continuous delivery maturity model is a framework that helps organizations assess their proficiency and maturity in implementing continuous delivery practices. It typically includes several levels, from initial to managed to optimized, each with specific best practices and capabilities. The model guides organizations in identifying areas for improvement and planning their journey toward more mature practices.

### What is a code commit?

A code commit, in the context of version control systems, is the action of storing changes to a codebase in a repository. Each commit represents a discrete change to the code, often accompanied by a message describing the change. Commits create a history of modifications, allowing developers to track progress, understand changes, and revert to previous versions if necessary.

### What is pipeline execution?

Pipeline execution refers to the process of running all the tasks defined in a CI/CD pipeline, typically triggered by a code commit or a scheduled event. It involves executing stages like build, test, and deploy in a sequence or in parallel, depending on the pipeline configuration. The execution can be visualized as a flow of tasks, each dependent on the successful completion of the preceding ones, ensuring the code is ready for deployment.

### What is code coverage?

Code coverage is a metric that helps measure the degree to which the source code of a program is executed when a particular test suite runs. It identifies which lines of code were executed and which were not, providing insight into the thoroughness of your testing suite. High code coverage can help prevent bugs from slipping through to production.
### What is static code analysis?

Static code analysis is a method of debugging by examining source code before a program is run. It's done by analyzing a set of code against a set (or multiple sets) of coding rules. Static application security testing (SAST) helps identify potential vulnerabilities, bugs, and breaches of coding standards, improving the quality and security of the code. Tools for static code analysis are often integrated into CI/CD pipelines.

### What is unit testing?

Unit testing is a software testing method where individual components of a software application are tested in isolation. The purpose is to validate that each unit of the software performs as expected. A unit is the smallest testable part of any software, often a function or method. Unit tests are typically automated and written by developers to verify the correctness of their code, aiding in the detection of issues early in the development cycle.

### What is integration testing?

Integration testing is a type of software testing where individual units are combined and tested as a group. The purpose is to expose faults in the interaction between integrated units. Test cases are created with the express purpose of exercising the interfaces between the units. This activity is carried out by testers after unit testing and can occur in a top-down, bottom-up, or sandwiched manner. Integration testing can reveal issues such as interface inconsistencies, communication problems, or data-related errors that unit tests might miss.

### What is regression testing?

Regression testing is a type of software testing that confirms that previously developed and tested software still performs as expected after changes. The goal is to catch new bugs, or regressions, caused by alterations to the software. Regression tests can be performed at any or all testing levels and are often automated to prevent the introduction of defects into previously working functionality.

### What are flaky tests?
Flaky tests are automated tests that exhibit both a passing and a failing result with the same code. They are unpredictable because their outcome can change without any changes to the code. Flaky tests can be caused by several factors, including timing issues, dependencies on specific states, or asynchronous operations. They can undermine trust in a testing suite and should be identified and fixed or removed.

### What are feature flags?

Feature flags, or feature toggles, are a software development technique that allows developers to enable or disable features in a software product to test the features and quickly roll back problematic ones. Developers can use feature flags even after the software product has been deployed to production.

### What is a canary release?

A canary release is a technique to reduce the risk of introducing a new software version in production by gradually rolling out the change to a small subset of users before rolling it out to the entire infrastructure. It's used to catch potential issues and bugs that weren't detected during the testing phase, with minimal impact on the user base.

### What are blue/green deployments?

Blue/green deployments are a release management strategy that reduces downtime and risk by running two identical production environments, known as blue and green. At any time, only one environment is live, serving all production traffic. When releasing a new version of the application, the inactive environment is updated, tested, and, once ready, switched to be the live environment. Blue/green deployments allow quick rollback if problems are detected in the new version.

### What is release orchestration?

Release orchestration refers to the process of coordinating the various tasks involved in delivering software changes to production. It includes managing dependencies between tasks, automating workflows, and ensuring that each step, from code commit to deployment, is executed in the correct order.
Release orchestration tools provide visibility into the release process, helping teams to manage complex deployments and reduce risks.

### What is value stream mapping (VSM)?

Value stream mapping (VSM) is a lean-management method for analyzing the current state and designing a future state for the series of events that take a product from concept to delivery. With respect to CI/CD, VSM visualizes the flow of code changes from development to production, identifying bottlenecks, redundancies, or wastage in the process. It helps teams understand the entire delivery lifecycle, improve flow efficiency, and reduce lead time. By mapping the value stream, organizations can make data-driven decisions to optimize their CI/CD pipelines, aligning them more closely with business objectives.

### What is a site reliability engineering (SRE) approach?

Site reliability engineering (SRE) is a discipline that combines aspects of software engineering and systems engineering to build and run scalable, reliable, and efficient systems. Originating at Google, SRE implements DevOps principles with a specific focus on reliability. SREs use software as a tool to manage systems, solve problems, and automate operations tasks. Key practices include defining service level objectives (SLOs), error budgets, and toil reduction through automation. The goal is to create a balance between release velocity and system reliability.