CLOUD.md

September 2, 2023 ยท View on GitHub

The Software Supply Chain Stages

PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud
DevelopersIDELanguagesSCM providersBuild solutionsServersEmbedded PCURLSaaS solutionsCDN
QA teamSCVFrameworksPull requestsDeployment platformsOperating systemsPCBhostnameThird party APIsCloud services
DevOps teamLocal testsLibrariesSecrets mgmtReleasesWebserversUSB donglePayment gateways
Package MaintainersGit reposPackage ManagersGit reposFunctional testsApplication serversGPU/CPUIdentity Providers
Page BuildersPackagesSecurity testsWeb enginesAnalytics
Open sourceAPI test frameworksDatabasesProxies
Proprietary CodeUnit tests
PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud

Cloud resources

Cloud native resources refer to the tools, technologies, and infrastructure required to develop, deploy, and manage applications that are designed to run in a cloud environment. These resources typically include containerization platforms, orchestration frameworks, serverless computing, and other cloud-specific technologies.

What's in scope?

  • PaaS
  • CDN
  • Cloud hosting providers
  • Cloud native resources

Examples

PaaS Examples

CDN Examples

Cloud hosting providers

Cloud Native Services

DynamoDB, Azure Functions, Microsoft Power Apps, Azure Cosmos, Azure Application Gateway, AWS Elastic Load Balancer, AWS Certificate Manager

Who owns it?

  • CloudOps team
  • DevOps team

What are the security concerns?

  • Reference the shared responsibility model
  • Many of the cloud services are publicly facing endpoints by default
  • What permissions are the cloud services using?
  • How many assets do you have in the cloud?

How do I secure it?

  • Cloud Security Posture Mananagement
  • Attack surface mapping