close search bar

Sorry, not available in this language yet

close language selection

Definition

CI and CD stand for continuous integration and continuous delivery/continuous deployment. In very simple terms, CI is a modern software development practice in which incremental code changes are made frequently and reliably. Automated build-and-test steps triggered by CI ensure that code changes being merged into the repository are reliable. The code is then delivered quickly and seamlessly as a part of the CD process. In the software world, the CI/CD pipeline refers to the automation that enables incremental code changes from developers’ desktops to be delivered quickly and reliably to production.

Why is CI/CD important?

CI/CD allows organizations to ship software quickly and efficiently. CI/CD facilitates an effective process for getting products to market faster than ever before, continuously delivering code into production, and ensuring an ongoing flow of new features and bug fixes via the most efficient delivery method. 


Get the State of DevSecOps

Learn about the tools and strategies used to build secure software

What is the difference between CI and CD?

Continuous integration (CI) is practice that involves developers making small changes and checks to their code. Due to the scale of requirements and the number of steps involved, this process is automated to ensure that teams can build, test, and package their applications in a reliable and repeatable way. CI helps streamline code changes, thereby increasing time for developers to make changes and contribute to improved software.

Continuous delivery (CD) is the automated delivery of completed code to environments like testing and development. CD provides an automated and consistent way for code to be delivered to these environments.

Continuous deployment is the next step of continuous delivery. Every change that passes the automated tests is automatically placed in production, resulting in many production deployments.

Continuous deployment should be the goal of most companies that are not constrained by regulatory or other requirements.

In short, CI is a set of practices performed as developers are writing code, and CD is a set of practices performed after the code is completed.

CI/CD | Black Duck

How does CI/CD relate to DevOps?

DevOps is a set of practices and tools designed to increase an organization’s ability to deliver applications and services faster than traditional software development processes. The increased speed of DevOps helps an organization serve its customers more successfully and be more competitive in the market. In a DevOps environment, successful organizations “bake security in” to all phases of the development life cycle, a practice called DevSecOps.

The key practice of DevSecOps is integrating security into all DevOps workflows. By conducting security activities early and consistently throughout the software development life cycle (SDLC), organizations can ensure that they catch vulnerabilities as early as possible, and are better able to make informed decisions about risk and mitigation. In more traditional security practices, security is not addressed until the production stage, which is no longer compatible with the faster and more agile DevOps approach. Today, security tools must fit seamlessly into the developer workflow and the CI/CD pipeline in order to keep pace with DevOps and not slow development velocity. 

The CI/CD pipeline is part of the broader DevOps/DevSecOps framework. In order to successfully implement and run a CI/CD pipeline, organizations need tools to prevent points of friction that slow down integration and delivery. Teams require an integrated toolchain of technologies to facilitate collaborative and unimpeded development efforts.


What AppSec tools are required for CI/CD pipelines?

One of the largest challenges faced by development teams using a CI/CD pipeline is adequately addressing security. It is critical that teams build in security without slowing down their integration and delivery cycles. Moving security testing to earlier in the life cycle is one of the most important steps to achieving this goal. This is especially true for DevSecOps organizations that rely on automated security testing to keep up with the speed of delivery. 

Implementing the right tools at the right time reduces overall DevSecOps friction, increases release velocity, and improves quality and efficiency.


The Black Duck portfolio of tools and services can help with your DevSecOps Effort

Black Duck CI/CD MAP services provide consultation support to help you develop a maturity action plan (MAP) according to the state of your organization’s DevSecOps readiness.

Black Duck's comprehensive set of application security testing (AST) tools help you test for and remediate security vulnerabilities in your CI/CD pipeline.

Code Build Test Operate
Software development begins, which includes designing the system in an IDE, writing and reviewing the code for errors. During the building phase, the team takes the requirements documented during the planning phase to build the software. The software is assessed by the testing team to determine whether it meets the necessary requirements. Software is deployed and monitored in the production environment.
Developer tool integrations
Secure code as quickly as you write it by placing risk insight, remediation guidance and secure coding education at the developer's fingertips. Learn more
Static analysis
Find security and quality issues in proprietary source code. Learn more
Interactive analysis
Identify and verify security vulnerabilities in running web applications. Learn more
Continuous security scanning
Perform continuous web application security testing in production. Learn more
Software composition analysis
Automatically discover open source and third-party components and their associated security and license risks in any application or container. Learn more
Real-time threat alerts
Get real-time alerts when new vulnerabilities are reported in your applications or containers. Learn more
Application security posture management
Streamline AppSec policies, test orchestration, correlation and prioritization of security issues across the enterprise to obtain a unified view of security risk. Learn more

What are the benefits of CI/CD?

  • Automated testing enables continuous delivery, which ensures software quality and security and increases the profitability of code in production.
  • CI/CD pipelines enable a much shorter time to market for new product features, creating happier customers and lowering strain on development.
  • The great increase in overall speed of delivery enabled by CI/CD pipelines improves an organization’s competitive edge.
  • Automation frees team members to focus on what they do best, yielding the best end products.
  • Organizations with a successful CI/CD pipeline can attract great talent. By moving away from traditional waterfall methods, engineers and developers are no longer bogged down with repetitive activities that are often highly dependent on the completion of other tasks. 

Explore how to build security into DevOps