Salus Cyber

Security Configuration Review

CI/CD Configuration Review

Ensure your configuration is secure, limiting the risk of compromise.

Vulnerabilities in your CI/CD pipeline can lead to attackers being able to inject malicious code into application workflows.

The CI/CD Configuration Review assesses the settings and configuration of your CI/CD pipeline and tools. The review helps align your setup to industry good practices and standards, identifies misconfigurations and vulnerabilities, and highlights areas for improvement.

We ensure that sufficient flow control mechanisms are in place to prevent an attacker from pushing malicious code or artefacts down the pipeline without undergoing strict reviews and approvals. We also assess identity and access management, striving for least privilege and limiting overly permissive identities.

We also look at risks associated with dependency chain abuse, poisoned pipeline execution, insufficient pipeline-based access controls, insufficient credential hygiene and insecure systems configuration.


CI/CD Configuration Reviews can help to identify and address security weaknesses in your pipeline, reducing the risk of cyber attacks. In turn, businesses can avoid costly data breaches, reputational damage, and regulatory fines, which can lead to cost savings and increased value for money.


By identifying security vulnerabilities early in the pipeline, organisations can quickly remediate issues and reduce the time required to address security concerns. This minimises the impact of potential security incidents and reduces system downtime associated with security patches or fixes.


Secrets management involves procedures to securely manage, store, and use credentials like session tokens, API keys, passwords and encryption keys. We can help by ensuring adequate key/secret rotation, robust password policies and strong encryption throughout the process.


The first step toward securing a pipeline is to control and organise access privileges. Our consultants are well placed to provide advice and remediations on identity and access management, whether implementing least privilege or enforcing role-based access controls.

How we work

Customer Journey

  1. Identify

    First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.

  2. Understand

    We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.

  3. Test

    We deliver what we promised.

  4. Inform

    Every report we create is unique to your business; we don’t use cookie-cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.

  5. Remediate

    We can ensure that the remediation process is tracked and coordinated within your business. We will allocate resources to point you in the right direction, and if you need our help directly with remediation, we’ve got you covered.

  6. Feedback

    Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.