Risks
Supply Chain Compromise
Insider Threat
Unauthorised Deployment
Credential and Secret Exposure
Vulnerable Software in Production
Audit and Compliance Failure
Unauthorised System Access
Configuration Drift
Environment Breach
Controls
Build Controls
KBC1: Version Control
KBC2: Artifact Binary Provenance
KBC3: Controlled Build Environment
KBC4: Dependency Management
KBC5: Infrastructure and Configuration Management
KBC6: Secrets Scanning
Release Controls
KRC1: Code Review
KRC2: Quality Assurance
KRC3: Security Vulnerability Scanning
KRC4: Deployment Approvals
KRC5: Service Ownership
Runtime Controls
KCC1: Change Records
KCC2: Deployment Controls
KCC3: Secrets Management
KCC4: System Access Controls
KCC5: Runtime Workload Monitoring