turbot/github_compliance

Control: 2.3.1 Ensure all build steps are defined as code

Description

Use pipeline as code for build pipelines and their defined steps.

Rationale

Storing pipeline instructions as code in a version control system automates the build steps and leaves less room for human error, which could potentially lead to a security breach. Additionally, it creates the ability to revert to a previous pipeline configuration in order to pinpoint the affected change should a malicious incident occur.

Audit

Verify that all build steps are defined as code and stored in a version control system.
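
A local approximation of this audit, as an added example (it is not the mod's named query or Turbot's code). It assumes GitHub Actions is the build system, so pipeline definitions live under `.github/workflows/` of a checked-out default branch, and it uses a line-based heuristic rather than a YAML parser; the repository names and the sample workflow are constructed.

```python
import re
import tempfile
from pathlib import Path

JOBS = re.compile(r"^jobs[ \t]*:", re.M)                 # top-level jobs mapping
STEPS = re.compile(r"^[ \t]+(steps|uses)[ \t]*:", re.M)  # inline steps or reusable workflow

# Constructed sample workflow, not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

def defines_steps(path: Path) -> bool:
    """Heuristic: the file has a jobs mapping and at least one steps/uses key."""
    text = path.read_text(encoding="utf-8")
    return bool(JOBS.search(text) and STEPS.search(text))

def audit_checkout(repo: Path):
    """Return (status, reason) for one checked-out default branch."""
    wf_dir = repo / ".github" / "workflows"
    files = []
    if wf_dir.is_dir():
        files = sorted(p for p in wf_dir.iterdir() if p.suffix in (".yml", ".yaml"))
    if not files:
        return "alarm", "no workflow files under .github/workflows"
    hollow = [f.name for f in files if not defines_steps(f)]
    if hollow:
        return "alarm", "workflows without jobs/steps: " + ", ".join(hollow)
    return "ok", f"{len(files)} workflow file(s) define their steps as code"

def make_samples(root: Path):
    """Build three constructed checkouts: complete, no pipeline files, stub pipeline."""
    for name, body in (("good-repo", SAMPLE_WORKFLOW), ("stub-repo", "name: ci\non: [push]\n")):
        wf = root / name / ".github" / "workflows"
        wf.mkdir(parents=True)
        (wf / "ci.yaml").write_text(body, encoding="utf-8")
    (root / "ui-only-repo").mkdir()
    return [root / n for n in ("good-repo", "ui-only-repo", "stub-repo")]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for repo in make_samples(Path(tmp)):
            print(repo.name, *audit_checkout(repo))
```

An `ok` here only shows that pipeline definitions exist in the repository; build steps configured outside version control, for example in an external CI system's web UI, are not visible to this check.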

Remediation

Convert pipeline instructions into code-based syntax and upload them to the organization's version control platform.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_2_3_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_2_3_1 --share

SQL

This control uses a named query:

default_branch_all_build_steps_as_code
