D.2.2 Build process monitoring

Control Details

Objective

Detect intruders in the build infrastructure

Definition

Do you monitor the build chain for unauthorized access and modifications? Have you completed an attack surface investigation of your build environment? What kinds of actions do you take to narrow the attack vectors?

Assessment Questions

  1. How do you monitor the build chain for unauthorized access and modifications?
  2. How recently have you completed an attack surface investigation of your build environment?
  3. What kinds of actions do you take to narrow the attack vectors?
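One concrete way to answer the first assessment question is to check the build workers continuously against a trusted baseline and to review their access records against the set of identities that are supposed to touch them. The following Python script is an added illustration of that kind of build-chain monitoring and is not part of this control catalogue; the file paths, service-account names, audit-log format and sample log lines are all constructed for the example. It flags three things a defender cares about: a baselined file whose hash no longer matches, a file that appeared on the worker without being in the baseline, and any access by a principal outside the allowlist (plus writes to baselined files even by allowed principals, since release identities should read and execute those files, not change them).

```python
"""Build-chain monitoring example: file-integrity check against a trusted
baseline plus review of worker audit records. Added illustration; all paths,
identities and log lines below are constructed, not from a real deployment."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline: contents of files on a build worker that must not
# change between releases. In practice the manifest is generated from a
# trusted image and stored outside the worker so an intruder cannot edit it.
BASELINE_FILES: dict[str, bytes] = {
    "/etc/build/pipeline.yaml": b"steps:\n  - run: make release\n",
    "/usr/local/bin/signer": b"#!/bin/sh\nexec sign-artifact \"$@\"\n",
}
BASELINE_MANIFEST = {p: sha256_hex(c) for p, c in BASELINE_FILES.items()}

# Constructed allowlist: the only identities expected on build workers.
AUTHORIZED_PRINCIPALS = {"svc-build-runner", "svc-release-bot"}

# Constructed audit-log format (one event per line).
AUDIT_LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S+)$"
)


@dataclass
class Finding:
    kind: str    # modified | missing | unexpected_file | unauthorized_access | baseline_write | unparseable
    detail: str


def check_file_integrity(current: dict[str, bytes],
                         manifest: dict[str, str] = BASELINE_MANIFEST) -> list[Finding]:
    """Compare the files currently on a worker with the trusted manifest."""
    findings: list[Finding] = []
    for path, expected in manifest.items():
        if path not in current:
            findings.append(Finding("missing", path))
            continue
        actual = sha256_hex(current[path])
        if actual != expected:
            findings.append(Finding("modified", f"{path} sha256={actual}"))
    for path in current:
        if path not in manifest:
            findings.append(Finding("unexpected_file", path))
    return findings


def check_audit_log(lines: list[str],
                    authorized: set[str] = AUTHORIZED_PRINCIPALS) -> list[Finding]:
    """Flag access by unknown principals and writes to baselined files."""
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = AUDIT_LINE.match(line)
        if not m:
            # Unparseable records are themselves worth a look: log tampering
            # or a format change both show up here first.
            findings.append(Finding("unparseable", line))
            continue
        user, action, path = m["user"], m["action"], m["path"]
        if user not in authorized:
            findings.append(Finding("unauthorized_access", f"{user} {action} {path}"))
        elif action in {"write", "chmod"} and path in BASELINE_MANIFEST:
            findings.append(Finding("baseline_write", f"{user} {action} {path}"))
    return findings


# Constructed sample state: the pipeline definition was edited and an extra
# file appeared on the worker.
TAMPERED_FILES = dict(BASELINE_FILES)
TAMPERED_FILES["/etc/build/pipeline.yaml"] = b"steps:\n  - run: make release EXTRA=1\n"
TAMPERED_FILES["/etc/build/hook.sh"] = b"#!/bin/sh\necho hook\n"

# Constructed sample audit records from the same worker.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z host=builder-01 user=svc-build-runner action=read path=/etc/build/pipeline.yaml",
    "2024-05-01T10:00:05Z host=builder-01 user=svc-build-runner action=exec path=/usr/local/bin/signer",
    "2024-05-01T10:01:12Z host=builder-01 user=jdoe action=write path=/etc/build/pipeline.yaml",
    "2024-05-01T10:02:00Z host=builder-01 user=svc-release-bot action=chmod path=/usr/local/bin/signer",
    "garbage line",
]


def run_monitor(files: dict[str, bytes], log: list[str]) -> list[Finding]:
    """Run both checks; an empty list means the worker matches expectations."""
    return check_file_integrity(files) + check_audit_log(log)


if __name__ == "__main__":
    for f in run_monitor(TAMPERED_FILES, SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```

Run against the clean baseline and an empty log the monitor returns nothing; run against the tampered state it reports the modified pipeline file, the unexpected hook, the write by an identity outside the allowlist, the chmod of the signer by an otherwise allowed identity, and the line it could not parse. In a real build environment the manifest would be generated from a trusted image, the audit lines would come from the worker's own auditing (or the CI system's API) rather than an inline list, and the findings would be shipped to a SIEM rather than printed.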

Reference sources

  1. CNCF-SSC BP-V: Validate runtime security of build workers
  2. CNCF-SSC SC-SA: Use short-lived/ephemeral credentials for machine/service access
  3. CNCF-SSC A-CE: Use a container registry that supports OCI image-spec images