Tekton

Definition

Tekton is an open-source framework for creating continuous integration and continuous delivery (CI/CD) systems. It provides Kubernetes-native resources to define and run pipelines, allowing developers to automate the build, test, and deployment of applications. Tekton’s architecture is designed to be flexible and extensible, enabling integration with various tools and services within the CI/CD ecosystem.

Secure Settings Example

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: secure-pipeline-run
spec:
  pipelineRef:
    name: my-secure-pipeline
  podTemplate:
    securityContext:
      runAsUser: 1000
      runAsGroup: 3000
      fsGroup: 2000
  serviceAccountName: restricted-sa
  timeout: "1h"
  workspaces:
    - name: shared-data
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 1Gi

Insecure Settings Example

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: insecure-pipeline-run
spec:
  pipelineRef:
    name: my-insecure-pipeline
  podTemplate:
    securityContext:
      runAsUser: 0  # Running as root user
      runAsGroup: 0
  serviceAccountName: default  # Using default service account with broad permissions
  timeout: "24h"  # Excessively long timeout
  workspaces:
    - name: shared-data
      emptyDir: {}  # Using ephemeral storage without persistence
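The two manifests above differ in four settings (root UID/GID, the default service account, a long timeout, ephemeral workspace storage). As an added example that is not part of Tekton or of this page, the following checker flags those settings in a parsed PipelineRun; it assumes a 1h timeout limit as policy and takes the manifests as Python dicts in the shape yaml.safe_load would return for the YAML above.

```python
import re

MAX_TIMEOUT_SECONDS = 3600  # assumed policy limit (1h), matching the secure example
_UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Parse a Go-style duration such as '1h', '90m' or '1h30m' into seconds."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return sum(int(n) * _UNIT_SECONDS[u] for n, u in parts)

def audit_pipelinerun(manifest, max_timeout=MAX_TIMEOUT_SECONDS):
    """Return a list of policy findings for one parsed PipelineRun (dict)."""
    findings = []
    spec = manifest.get("spec", {})
    sc = spec.get("podTemplate", {}).get("securityContext", {})
    # No pinned UID/GID means the image default applies, which is often root
    if sc.get("runAsUser", 0) == 0 or sc.get("runAsGroup", 0) == 0:
        findings.append("pod runs as root (runAsUser/runAsGroup missing or 0)")
    # Tekton falls back to the namespace's 'default' service account when none is set
    if spec.get("serviceAccountName", "default") == "default":
        findings.append("uses the 'default' service account")
    timeout = spec.get("timeout")
    if timeout is not None and parse_duration(timeout) > max_timeout:
        findings.append(f"timeout {timeout} exceeds policy limit of {max_timeout}s")
    for ws in spec.get("workspaces", []):
        if "emptyDir" in ws:
            findings.append(f"workspace {ws.get('name')!r} uses ephemeral emptyDir storage")
    return findings

# Constructed inputs: the page's two manifests as yaml.safe_load would return them
SECURE_RUN = {"kind": "PipelineRun", "metadata": {"name": "secure-pipeline-run"}, "spec": {
    "pipelineRef": {"name": "my-secure-pipeline"},
    "podTemplate": {"securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000}},
    "serviceAccountName": "restricted-sa", "timeout": "1h",
    "workspaces": [{"name": "shared-data", "volumeClaimTemplate": {"spec": {"accessModes": ["ReadWriteOnce"]}}}],
}}
INSECURE_RUN = {"kind": "PipelineRun", "metadata": {"name": "insecure-pipeline-run"}, "spec": {
    "pipelineRef": {"name": "my-insecure-pipeline"},
    "podTemplate": {"securityContext": {"runAsUser": 0, "runAsGroup": 0}},
    "serviceAccountName": "default", "timeout": "24h",
    "workspaces": [{"name": "shared-data", "emptyDir": {}}],
}}

if __name__ == "__main__":
    for run in (SECURE_RUN, INSECURE_RUN):
        print(run["metadata"]["name"], audit_pipelinerun(run) or ["OK"])
```

Feed it real manifests with yaml.safe_load (PyYAML) or a kubectl JSON export; a missing securityContext or serviceAccountName is flagged the same way as an explicit insecure value.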