DevOps

CI/CD Pipeline Security

OIDC authentication, secrets management, SLSA provenance, minimal permissions, supply chain security

20 mülakat soruları·
Mid-Level
1

What is OIDC (OpenID Connect) in the context of CI/CD pipelines?

Cevap

OIDC is an authentication protocol that allows CI/CD pipelines to authenticate with cloud providers without using static secrets. Instead of storing long-lived credentials, the pipeline exchanges a signed JWT token for temporary credentials. This approach eliminates risks associated with storing and rotating secrets, while providing better traceability through token claims that precisely identify the workflow and repository.

2

What is the main advantage of External Secrets Operator in Kubernetes?

Cevap

External Secrets Operator automatically synchronizes secrets from external managers (Vault, AWS Secrets Manager, Azure Key Vault) into native Kubernetes Secrets. This approach centralizes secret management in a dedicated system while allowing applications to consume secrets in a standard way. It also facilitates automatic secret rotation and avoids storing sensitive credentials directly in Kubernetes manifests or Git repositories.

3

What does the principle of least privilege mean in the context of CI/CD pipelines?

Cevap

The principle of least privilege consists of granting pipelines only the permissions strictly necessary to accomplish their tasks. For example, a build pipeline should only have read rights on source code, while a deployment pipeline would only access resources in the target environment. This approach limits damage in case of pipeline compromise and reduces the overall attack surface of the infrastructure.

4

What is an SBOM (Software Bill of Materials)?

5

Why use HashiCorp Vault rather than environment variables to store secrets?

+17 mülakat soruları

Diğer DevOps mülakat konuları

Version Control & Git

Junior
20 soru

Linux Fundamentals

Junior
22 soru

Shell Scripting & Bash

Mid-Level
20 soru

Networking Basics

Junior
22 soru

Docker Fundamentals

Junior
24 soru

CI/CD Fundamentals

Junior
18 soru

GitHub Actions

Mid-Level
22 soru

GitLab CI/CD

Mid-Level
22 soru

Jenkins

Mid-Level
22 soru

Kubernetes Basics

Mid-Level
26 soru

Kubernetes Networking

Mid-Level
24 soru

Kubernetes Advanced

Mid-Level
24 soru

Ingress & API Gateway

Mid-Level
20 soru

Terraform Basics

Mid-Level
22 soru

Terraform Advanced

Mid-Level
22 soru

Ansible & Configuration Management

Mid-Level
20 soru

AWS Essentials

Mid-Level
26 soru

Azure Fundamentals

Mid-Level
22 soru

GCP Fundamentals

Mid-Level
22 soru

Monitoring & Prometheus

Mid-Level
22 soru

Logging & ELK Stack

Mid-Level
20 soru

Alerting & Incident Response

Mid-Level
20 soru

Cloud Identity & Secrets

Mid-Level
22 soru

Helm & Kubernetes

Mid-Level
20 soru

Runtime & Cluster Security

Senior
24 soru

Container Supply Chain Security

Senior
22 soru

Service Mesh & Istio

Senior
24 soru

GitOps & ArgoCD

Senior
22 soru

Progressive Delivery

Senior
20 soru

Distributed Observability

Senior
22 soru

Disaster Recovery & Backup

Senior
20 soru

Performance Optimization

Senior
22 soru

Cloud Cost Optimization

Senior
20 soru

SRE Principles

Senior
24 soru

Chaos Engineering

Senior
20 soru

Platform Engineering

Senior
22 soru

Bir sonraki mülakatın için DevOps'de uzmanlaş

Tüm sorulara, flashcards'a, teknik testlere, code review alıştırmalarına ve mülakat simülatörlerine eriş.

Ücretsiz başla