E.2 Safeguard build integrity

Protect from and detect malicious infiltration into software build infrastructure that could lead to the build and deployment of compromised products.

Controls

E.2.1 Release policy verification

Ensure the products, materials, and processes used during the build pipeline adhere to the established product and organizational release policy.

E.2.2 Verify dependencies and environment

Ensure the build environment's sources and dependencies come from a secure, trusted source of truth.

E.2.3 Defensive compilation and build

Reduce vulnerabilities during compilation and build.

E.2.4 CI/CD hosting and automation

Through automated builds, reduce human error and malicious actions and artifacts that cause the output of the build process to contain security vulnerabilities.

E.2.5 Secured orchestration platform

Ensure each deployed workload meets predetermined security requirements.

E.2.6 Reproducible builds

Provide a mechanism to confirm that no malicious backdoor injections have taken place during the build process.
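As an added illustration of the mechanism E.2.6 asks for (example code, not part of the framework text): a POSIX shell check that runs a build recipe twice in independent scratch directories and compares the SHA-256 digests of the resulting artifacts. Two builds that agree byte-for-byte give no room for a backdoor injected in one build environment to go unnoticed; a mismatch flags either nondeterminism or tampering for investigation. The two build recipes, `build_with_timestamp` and `build_reproducible`, are constructed stand-ins for real build steps; `SOURCE_DATE_EPOCH` is the reproducible-builds.org convention for pinning embedded timestamps.

```shell
#!/bin/sh
# Added example, not part of the framework text: a reproducibility check that
# builds twice in fresh scratch directories and compares artifact digests.
set -eu

# Constructed build recipe that embeds the wall-clock time: NOT reproducible.
build_with_timestamp() {
    out="$1"
    printf 'version=1.0\nbuilt_at=%s\n' "$(date +%s)" > "$out"
}

# Constructed build recipe that pins the embedded timestamp via
# SOURCE_DATE_EPOCH (the reproducible-builds.org convention): reproducible.
build_reproducible() {
    out="$1"
    : "${SOURCE_DATE_EPOCH:=1700000000}"
    printf 'version=1.0\nbuilt_at=%s\n' "$SOURCE_DATE_EPOCH" > "$out"
}

# SHA-256 of a file; sha256sum on GNU systems, shasum on BSD/macOS.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_reproducible BUILD_FN: run BUILD_FN twice in separate temporary
# directories and return 0 if both artifacts are byte-identical, 1 otherwise.
check_reproducible() {
    build_fn="$1"
    d1=$(mktemp -d)
    d2=$(mktemp -d)
    "$build_fn" "$d1/artifact"
    sleep 1                       # let the clock advance between builds
    "$build_fn" "$d2/artifact"
    h1=$(digest "$d1/artifact")
    h2=$(digest "$d2/artifact")
    rm -rf "$d1" "$d2"
    if [ "$h1" = "$h2" ]; then
        echo "reproducible ($build_fn): $h1"
        return 0
    fi
    echo "NOT reproducible ($build_fn): $h1 != $h2" >&2
    return 1
}

# Demo run: the pinned recipe passes; the timestamped one is flagged.
check_reproducible build_reproducible
check_reproducible build_with_timestamp ||
    echo "remediation: pin SOURCE_DATE_EPOCH and remove other nondeterministic inputs" >&2
```

In a real pipeline the second build would run on a separately provisioned builder rather than in a second temporary directory, so that a compromise of one build host cannot make both outputs agree; the comparison logic stays the same.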

E.2.7 Build output

Through protected build environments, reduce human error and malicious actions and artifacts that cause the output of the build process to contain security vulnerabilities.

E.2.8 Hardened and isolated builds

Protect the integrity of build output.