Product Security Glossary

CI/CD

What is CI/CD? 

CI/CD is a method for automating the process of software application development and deployment.  The CI stands for “continuous integration”.  The CD part stands for both “continuous delivery” and “continuous deployment”.  CI/CD allows development teams to integrate new code more easily, and it allows developers to deliver applications to users on a more frequent basis. 

How does CI/CD work? 

Think of CI/CD as a pipeline.  But, instead of delivering water, oil, or some other fluid, this pipeline delivers software.  Continuous integration is the first part of the pipeline.  In this stage, software developers build, test, and merge code changes for an application to a shared repository on a regular basis.  Using a shared repository eliminates the risk of having multiple developers creating multiple code branches that could conflict with each other.  Whenever code from the various developers gets merged, which could happen on a daily basis, the code will get built and tested automatically.  Of course, it’s still possible to have code conflicts between different developers, but continuous integration makes it easy to fix. 

After the continuous integration process, comes the continuous delivery process.  This involves taking the code that was integrated, tested, and validated during CI, automatically building the app, and then automatically delivering it to a shared repository.  At this point, the app is ready for the operations team to deploy. 

Continuous deployment, the other meaning for “CD”, is the final stage of the CI/CD pipeline.  This stage automates the process of releasing an application for production.   

How is CI/CD beneficial? 

To begin with, the whole CI/CD process means that changes to applications get deployed very quickly, often within minutes of having been created.  This allows developers to more quickly receive and incorporate feedback from users.  It makes it less risky to deploy applications, because changes can be made incrementally, rather than all at once.  And, it allows bugs to be detected earlier. 

Is there a downside to CI/CD? 

The only real downside to CI/CD is that it requires a large investment of time to set it up initially.  That’s because a set of automated tests must be designed and created for every stage of the CI/CD pipeline. 

What are some CI/CD tools? 

A variety of CI/CD tools is available.  Some tools handle the CI side, while others handle the CD side.  And, some tools handle both. 

Open-source CI/CD tools include Jenkins, GoCD, Screwdriver, Concourse, and Spinnaker.  Managed tools from commercial vendors include TeamCity, Atlassian Bamboo, CircleCI, and TravisCI. 

Tools such as Ansible, Chef, Puppet, Docker, and Kubernetes, aren’t strictly CI/CD tools.  But, they can certainly be a useful part of a CI/CD pipeline. 

Software development and deployment can be tedious and, at times, risky.  CI/CD can help ease the pain and reduce the risk by automating many integration and deployment processes.