Last Updated: November 21, 2025
Security Gates
| Gate | Purpose |
|---|---|
| SAST/DAST | Catch insecure code early |
| Dependency scanning | Block CVEs |
| Manual approvals | Require reviewers for prod deploys |
Commands
| Command | Purpose |
|---|---|
| `secret-scan` | Fail builds on exposed credentials |
| `terraform plan -out=plan.tfplan` | Review infra diff before apply |
| `conftest test policy.rego` | Run policy-as-code checks |
Pipeline Hygiene
Isolate builders, use ephemeral creds, and log approvals with audit trails.
💡 Pro Tip:
Fail fast on policy violations, regularly rotate pipeline credentials, and review approvals for high-risk changes.