GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.
Software development and DevOps teams that are using the GitOps deployment model to automate application and infrastructure provisioning can also gain several security benefits from it.
With GitOps, administrators can store and manage Infrastructure as Code (IaC) using Git version control systems such as GitHub, or a private Git repository. GitOps uses merge requests for team collaboration and infrastructure changes, and uses a Git flow with continuous integration/continuous delivery (CI/CD). As the central location for configuration and code that manages all changes to the infrastructure, the repository is the single source of truth of the desired state of the infrastructure.
Here are four ways GitOps can help secure your software development pipeline.
1. GitOps can help control configuration drift
Manual changes in production environments can often lead to configuration drift where a system's current state is very different from its original or desired state. Configuration drift is a common issue at many organizations and can result from ad hoc changes to application code or changes at the infrastructure and network layer. It can cause compatibility issues and make systems behave in unexpected and potentially risky ways.
With GitOps, the Git repository is the sole source of truth for configuration information for infrastructure and applications. The repository contains declarative descriptions of the production environment as it should exist, in its desired state. DevOps teams commit all approved changes to infrastructure or application code via the Git repository and the changes roll out across the entire system in a completely automated way.
The process ensures that the declared state in the Git repository always matches the state of the production environment. Git's version control features prevent changes from creeping in that could cause a drift from the desired or declared state in the repository.
Matt Rose, Field CISO at ReversingLabs, said the fluid and often aggressive nature of release cycles can often result in configurations drifting from the approved architecture.
"Configuration drift is a huge issue. Having checks and balances that allow you to verify whether you are drifting away from the approved architecture is very important."
2. GitOps allows DevOps team to push infrastructure security further left
Daniel Kennedy, Research Director for The 451 Group, said one of the most interesting aspects of the GitOps approach from a security standpoint is its handling of infrastructure as code. GitOps shifts infrastructure provisioning further left in the lifecycle which means DevOps teams have an opportunity to identity configuration issues that could cause security vulnerabilities, sooner.
"Scanning for known vulnerabilities earlier has all the benefits inherent in ‘shift left’. The cost of addressing the vulnerability is considerably lower the earlier it is identified."
Lisa Azevedo, CEO of the container security company Containn, said GitOps can help reduce or even eliminate potential security issues in infrastructure and application code early on. In an infrastructure as code environment, DevOps teams can leverage intelligent, automated infrastructure deployment tools to ensure the declared production environment in the repository contains all the required security and compliance controls right from the outset.
DevOps teams can store security policies and configurations as code in the repository, and thenpply any changes or updates to those controls across the system in an automated and scalable manner, Azevedo said.
"If you build in security and compliance from the start using intelligence, then you are addressing all the different required controls before you test and deploy the system into production. You can shrink the attack surface versus reactively scanning the pipeline for vulnerabilities and fixing them."
3. GitOps enables better transparency, and the ability to audit infrastructure changes
GitOps is composed of three parts around infrastructure automation: IaC, the merge request process, and CI/CD similar to DevOps, said Kennedy. The latter two have security advantages related to strong software configuration management processes.
With merge requests, DevOps teams can version control infrastructure changes the same way they do with application code, Kennedy said. This means that all changes that that a DevOps team might make to the declared state in the repository have a trail back to the committer and to when the changes were committed. "Thus, you can see what changed, review comments, install reviews, and so forth," he said.
"If there’s a problem, you can roll back changes and it allows an organization to correct for infrastructure configuration drift."
The fact that a Git repository is the single source of truth in GitOps means organizations can view changes to a system from a single source as well, Rose said. "Having everything in a consistent, repeatable fashion I think is very beneficial because everyone knows what is happening, what's expected, and what the processes are."
4. GitOps reduces dependency on static images
GitOps enables development and operations teams to consistently spin up containers and virtual machines using always updated images that contain all the required security and compliance controls, Azevedo said. It allows organizations to get away from using "golden," or static, images to spin up infrastructure. Administrators use golden images as a template for spinning up identical virtual machines or containers. They can help save time and ensure infrastructure consistency.
However, static images can quickly become outdated given the velocity and cadence of change in modern development environments. They are a static, point-in-time image of a desired configuration state. Vulnerabilities can manifest in a golden image over time — because of unpatched vulnerabilities for instance — and those vulnerabilities can get quickly replicated across an environment when the image is used to build new containers or virtual machines, Azevedo said.
GitOps, when implemented correctly, gives organizations a way to continuously build fresh new images for deploying VMs and containers without having to worry about potential vulnerabilities and outdated security controls.
When visibility and transparency matter
As GitLabs notes, "GitOps is an operational framework that takes DevOps best practices used for application development such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation."
GitOps' core capabilities deliver greater transparency into the infrastructure and application environment, and give DevOps teams a way to more effectively identify issues and address them, Kennedy said.
If your team makes a mistake, they can roll back quickly and potentially have the ability to return to the best-known state, Rose said.
"GitOps provides the opportunity to see who did what. It allows you to be a lot more transparent."
- Dev & DevSecOps
- Get up to speed on Dev & DevSecOps
- Keep up with the latest software threat research
- Find out why the NVD needs to evolve to include software supply chain threats
- Get report: Software supply chain and the SOC: Why end-to-end security is key
- See survey report: Tampering top of mind for devs — but detection lags
- Learn what an SBOM is and why it matters
- Get a free SBOM and supply chain risk report