GitOps is an operating model for continuous delivery. GitOps increases the stability and security of your cloud-native system.
As an automation-driven process, GitOps is based on Pull Requests. A PR is a machine- and human-readable “change control note” that can be automatically applied to existing code in a Git repository. It contains the code to be changed, added, or removed, as well as some non-code text describing the change. That also means it leaves an audit trail in Git of users, timestamps, and exact character-by-character changes, which can be reconciled against a running system’s state.
In this white paper, we discuss the 4 most common threats and how they can be easily mitigated:
- Git users can impersonate each other
- A malicious user rewrites history
- A malicious user removes security features
- Old Git client versions are insecure