I've noticed that the speed of my CI/CD pipeline has taken a hit, going from 8 minutes to over 25 minutes since integrating security checks like GuardDuty findings, Config rule validations, and third-party container scans. The biggest slowdowns come from the CloudFormation drift detection and cross-account IAM policy analysis that happens with every commit. Although I've attempted parallel scans and caching for unchanged resources, we're still running into API rate limits during busy hours. I'm considering moving some of the heavier security scans to post-deployment or using async webhooks, but I'm concerned about potentially missing critical security issues. Has anyone come up with effective strategies to maintain security coverage without sacrificing the speed of AWS pipelines? What has been successful for you?
1 Answer
You might want to look into tools like cdk-nag. CloudFormation drift detection on every commit is a bit much; perhaps running it on a nightly schedule would be better. Also, think about using your own container repositories instead of public ones. This way, you can do your scans within your container pipelines rather than during infrastructure deployments. By the way, which API limits are you running into? It could help to check 'service quotas' to see if there's room to increase them.
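
As an added example of the scheduled drift sweep suggested above (my own code, not the answerer's and not anything from AWS), here is a small Python script that runs CloudFormation drift detection across a list of stacks, backs off on API throttling instead of failing the job, and treats drift on security-relevant resource types as blocking while other drift only warns. It uses the real boto3 CloudFormation client methods `detect_stack_drift`, `describe_stack_drift_detection_status` and `describe_stack_resource_drifts`; the `SECURITY_SENSITIVE_PREFIXES` list, the backoff constants and the `FakeCloudFormation` stand-in (which throttles the first status poll so the retry path is exercised offline) are assumptions constructed for illustration.

```python
"""Nightly CloudFormation drift sweep with throttling-aware polling (added example)."""
import random
import time

# Drift on these resource types fails the sweep; anything else only warns.
# Assumption for illustration: tune the list to your environment.
SECURITY_SENSITIVE_PREFIXES = (
    "AWS::IAM::", "AWS::EC2::SecurityGroup", "AWS::KMS::",
    "AWS::S3::BucketPolicy", "AWS::Lambda::Permission",
)
THROTTLE_CODES = {"Throttling", "ThrottlingException", "RequestLimitExceeded"}


def is_throttled(exc):
    """True if exc looks like a botocore ClientError carrying a throttling code."""
    resp = getattr(exc, "response", None) or {}
    return resp.get("Error", {}).get("Code") in THROTTLE_CODES


def call_with_backoff(fn, sleep=time.sleep, max_attempts=6, base=1.0, **kwargs):
    """Call fn(**kwargs); retry throttled calls with jittered exponential backoff."""
    for attempt in range(max_attempts):
        try:
            return fn(**kwargs)
        except Exception as exc:  # only throttles are retried, everything else re-raised
            if not is_throttled(exc) or attempt == max_attempts - 1:
                raise
            sleep(base * (2 ** attempt) + random.uniform(0, 0.5))


def detect_drift(cfn, stack_name, sleep=time.sleep, poll_interval=5.0):
    """Start drift detection for one stack, poll until done, return status + drifted resources."""
    start = call_with_backoff(cfn.detect_stack_drift, sleep=sleep, StackName=stack_name)
    detection_id = start["StackDriftDetectionId"]
    while True:
        status = call_with_backoff(cfn.describe_stack_drift_detection_status,
                                   sleep=sleep, StackDriftDetectionId=detection_id)
        if status["DetectionStatus"] != "DETECTION_IN_PROGRESS":
            break
        sleep(poll_interval)  # one poll per interval keeps the per-stack call count low
    if status["DetectionStatus"] == "DETECTION_FAILED":
        raise RuntimeError(f"{stack_name}: {status.get('DetectionStatusReason', 'detection failed')}")
    drifts = []
    if status["StackDriftStatus"] == "DRIFTED":
        page = call_with_backoff(cfn.describe_stack_resource_drifts, sleep=sleep,
                                 StackName=stack_name,
                                 StackResourceDriftStatusFilters=["MODIFIED", "DELETED"])
        drifts = page["StackResourceDrifts"]
    return {"stack": stack_name, "status": status["StackDriftStatus"], "drifts": drifts}


def classify(result):
    """Return 'block', 'warn' or 'ok' for one stack's drift result."""
    if result["status"] != "DRIFTED":
        return "ok"
    if any(d["ResourceType"].startswith(SECURITY_SENSITIVE_PREFIXES) for d in result["drifts"]):
        return "block"
    return "warn"


def sweep(cfn, stack_names, sleep=time.sleep):
    """Check every stack; return (exit_code, per-stack results). Exit 1 only on blocking drift."""
    results = [detect_drift(cfn, s, sleep=sleep) for s in stack_names]
    worst = max((classify(r) for r in results), key=["ok", "warn", "block"].index, default="ok")
    return (1 if worst == "block" else 0), results


class FakeCloudFormation:
    """Constructed stand-in for boto3's CloudFormation client (offline demo only).

    Per stack: first status poll is throttled, second is in progress, third completes.
    Stacks whose name ends in 'iam-roles' report a modified IAM role.
    """

    def __init__(self):
        self.polls = {}

    def detect_stack_drift(self, StackName):
        return {"StackDriftDetectionId": f"det-{StackName}"}

    def describe_stack_drift_detection_status(self, StackDriftDetectionId):
        n = self.polls[StackDriftDetectionId] = self.polls.get(StackDriftDetectionId, 0) + 1
        if n == 1:
            err = Exception("Rate exceeded")
            err.response = {"Error": {"Code": "Throttling"}}  # shape of botocore ClientError
            raise err
        if n == 2:
            return {"DetectionStatus": "DETECTION_IN_PROGRESS", "StackDriftStatus": "NOT_CHECKED"}
        drifted = StackDriftDetectionId.endswith("iam-roles")
        return {"DetectionStatus": "DETECTION_COMPLETE",
                "StackDriftStatus": "DRIFTED" if drifted else "IN_SYNC"}

    def describe_stack_resource_drifts(self, StackName, StackResourceDriftStatusFilters):
        return {"StackResourceDrifts": [{"LogicalResourceId": "DeployRole",
                                         "ResourceType": "AWS::IAM::Role",
                                         "StackResourceDriftStatus": "MODIFIED"}]}


if __name__ == "__main__":
    import sys
    import boto3  # real run: needs AWS credentials; pass stack names as arguments
    code, results = sweep(boto3.client("cloudformation"), sys.argv[1:])
    for r in results:
        print(r["stack"], r["status"], classify(r), [d["LogicalResourceId"] for d in r["drifts"]])
    sys.exit(code)
```

Run it from a nightly scheduled job rather than on every commit; with `sleep` injectable, the same functions can be exercised against `FakeCloudFormation` in unit tests without waiting on real backoff delays. Only drift on the listed security-sensitive types fails the job, so cosmetic drift does not page anyone while an out-of-band IAM or security group change still does.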
