Secure Build
Introduction
This page describes our approach to securing the build process: cryptographic hashes for artifact verification, strict version control practices, a defined toolchain based on immutable Docker images, and careful dependency management, so that every stage of development remains controlled and compliant.
Subpages
Artifact Binary Provenance: This topic covers how we ensure every piece of software running in production has a known and verified origin using cryptographic hashes like SHA256. We explain the evidence we record and the tools we use to maintain this provenance.
Version Control: This page describes how we use Bitbucket for version control, including our branching strategies and how we protect these branches to enforce our code review process.
Defined Toolchain: This topic discusses the importance of using immutable Docker images to define our build environment, enabling auditing, security scanning, and version control. It also explains our use of Bitbucket pipelines for official builds.
Dependency Management: This page outlines how we manage dependencies, ensuring all are controlled and comply with licensing requirements. We detail the process of recording dependencies during builds and how we track them at the application and Docker image levels.