Quarantine staging for new deps
Definition
Quarantine staging for new dependencies is a software-supply-chain practice in which a newly added or newly upgraded dependency is first installed and exercised in an isolated environment (a CI job or a staging deployment that holds no production data or credentials) before it is allowed into the production build. The hold buys time to run a vulnerability audit, check provenance and licence, observe what the package does at install and run time, and let the ecosystem catch a malicious release, which is often reported and pulled within days of publication. Only dependencies that pass these checks are promoted, which lowers the risk of shipping a vulnerable or malicious package. One caveat a practitioner should keep in mind: an advisory scan such as npm audit only reports vulnerabilities that are already known, so it will not flag a freshly published malicious version; a minimum-age rule and a check on install scripts belong in the quarantine as well.
Secure Settings Example
# Example of a CI/CD pipeline configuration using GitHub Actions
# to quarantine new dependencies in a staging environment
name: Quarantine New Dependencies
on:
  push:
    branches:
      - main
jobs:
  quarantine:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install dependencies
        # npm ci installs exactly what package-lock.json pins and fails if
        # package.json and the lockfile disagree; --ignore-scripts keeps a
        # new package's preinstall/postinstall hooks from running on the runner.
        run: npm ci --ignore-scripts
      - name: Run security audit
        # Exits non-zero when the installed tree matches a known advisory,
        # which stops the job before anything is deployed.
        run: npm audit
      - name: Deploy to staging
        if: success()
        run: |
          echo "Deploying to staging environment"
          # Deploy to a staging environment for further testing
          ./deploy-to-staging.sh
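The audit step above only catches known advisories. The following is an added example, not code from the original page, of the quarantine gate itself: a Node script that would run between the install and the staging deploy. It diffs the base branch's package-lock.json against the change's lockfile and holds back any newly introduced name@version that is younger than a minimum age, declares install scripts without being allowlisted, or has no publish record. The lockfile shape follows npm lockfileVersion 2/3, and the registry metadata shape follows the npm registry's per-package document (the time map of version to publish timestamp); both inputs are constructed inline here so the script runs offline, and every package name except lodash, the esbuild allowlist entry, and the policy values are hypothetical.

```javascript
// Added example: lockfile-based quarantine gate for new npm dependencies.
// Inputs are constructed inline (not real lockfiles or registry data);
// in CI the base lockfile comes from the target branch, the head lockfile
// from the change, and registry metadata from GET https://registry.npmjs.org/<name>.

const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Policy knobs; the esbuild allowlist entry is a hypothetical choice.
const DEFAULT_POLICY = {
  minAgeDays: 14,                            // hold releases younger than this
  allowInstallScripts: new Set(['esbuild']), // packages allowed to run install hooks
  denyList: new Set(),                       // names never allowed in
};

// Collect "name@version" -> entry from a lockfile's "packages" map.
// The name is the part after the last "node_modules/", so a nested install
// such as node_modules/a/node_modules/b resolves to "b".
function lockPackages(lock) {
  const out = new Map();
  const marker = 'node_modules/';
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    out.set(`${name}@${entry.version}`, {
      name,
      version: entry.version,
      hasInstallScript: Boolean(entry.hasInstallScript),
    });
  }
  return out;
}

// Every name@version present in headLock but absent from baseLock: brand-new
// packages, version bumps and downgrades (a downgrade can pin a known-bad
// release). Unchanged packages are not reported.
function diffLockfiles(baseLock, headLock) {
  const base = lockPackages(baseLock);
  const changes = [];
  for (const [key, entry] of lockPackages(headLock)) {
    if (!base.has(key)) changes.push(entry);
  }
  return changes;
}

// Apply the policy to each change. nowMs is injected so a decision is
// reproducible in tests and when a failed job is re-run.
function evaluateQuarantine(changes, registryMeta, nowMs, policy = DEFAULT_POLICY) {
  return changes.map((c) => {
    const reasons = [];
    const publishedAt = registryMeta[c.name]?.time?.[c.version];
    if (!publishedAt) {
      reasons.push('no publish record in registry metadata');
    } else {
      const ageDays = (nowMs - Date.parse(publishedAt)) / MS_PER_DAY;
      if (ageDays < policy.minAgeDays) {
        reasons.push(`published ${ageDays.toFixed(1)} days ago, minimum is ${policy.minAgeDays}`);
      }
    }
    if (c.hasInstallScript && !policy.allowInstallScripts.has(c.name)) {
      reasons.push('declares install scripts and is not allowlisted');
    }
    if (policy.denyList.has(c.name)) reasons.push('on deny list');
    return { ...c, held: reasons.length > 0, reasons };
  });
}

// Constructed sample inputs. lodash is unchanged; @acme/telemetry is new but
// mature with no hooks; colorize-fast is new, 1.5 days old and has hooks.
const BASE_LOCK = {
  lockfileVersion: 3,
  packages: { '': { name: 'app', version: '1.0.0' }, 'node_modules/lodash': { version: '4.17.21' } },
};
const HEAD_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/@acme/telemetry': { version: '0.4.1' },
    'node_modules/colorize-fast': { version: '1.2.0', hasInstallScript: true },
  },
};
const REGISTRY_META = {
  '@acme/telemetry': { time: { '0.4.1': '2024-04-15T00:00:00.000Z' } },
  'colorize-fast': { time: { '1.1.0': '2023-11-02T09:30:00.000Z', '1.2.0': '2024-05-30T12:00:00.000Z' } },
};
const NOW_MS = Date.parse('2024-06-01T00:00:00.000Z');

function runExample() {
  return evaluateQuarantine(diffLockfiles(BASE_LOCK, HEAD_LOCK), REGISTRY_META, NOW_MS);
}

// In CI, fail the job when anything is held so the staging deploy never runs:
//   if (report.some((r) => r.held)) process.exit(1);
for (const r of runExample()) {
  const why = r.reasons.length ? '  ' + r.reasons.join('; ') : '';
  console.log(`${r.held ? 'HELD' : 'OK  '} ${r.name}@${r.version}${why}`);
}
```

Keying the diff on name@version rather than on name alone matters for npm trees, where the same package can be installed at several versions under different node_modules paths; a new version appearing anywhere in the tree is a new artifact that has not been through quarantine. The age check relies on registry timestamps, so point it at your own registry proxy if you mirror packages, and treat a missing publish record as a hold rather than a pass.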
Insecure Settings Example
# Example of a CI/CD pipeline configuration that directly deploys
# new dependencies to production without quarantine
name: Deploy New Dependencies
on:
  push:
    branches:
      - main
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install dependencies
        # npm install may resolve versions not pinned in the lockfile and
        # runs every package's install scripts on the runner
        run: npm install
      - name: Deploy to production
        run: |
          echo "Deploying to production environment"
          # Directly deploys to production without prior testing or audit
          ./deploy-to-production.sh