CI CD Interview Questions and Answers
Question - 31 : - What are the best practices for managing CI/CD secrets?
Answer - 31 : -
Pipeline secrets should be secure at both in-transit and at rest. You should follow some best practices to secure CI/CD secrets as below.
- There should not be any hard coded secrets in pipeline.
- Use password managers, secret key vaults etc.
- There should be proper RBAC - Role Based Access Control. You should know who need what.
- Follow the practices of lease privilege means you should grant the minimum level of access or secrets required to perform tasks.
- For more visit Manage CI/CD Secrets
Question - 32 : - How will you secure your CI/CD pipeline?
Answer - 32 : -
Security of a CI/CD Pipeline depends on many factors. Let's discuss them.
- Unit testing is important to test multiple unit testable distributed components. So make sure you have proper unit testing of your code.
- SAST (static analysis security testing) is a tool that scans for security vulnerabilities in your code and libraries that you use. All modern tools provide good integration with CD pipeline to ensure SAST scanning.
- DAST (dynamic analysis security testing) is a tool which perform dynamic scan for security vulnerabilities in your application. It performs the testing from outside the application similar to what an attacker would do.
- For more visit DevSecOps
Question - 33 : - Does CI/CD require any programming knowledge?
Answer - 33 : -
CI/CD does or noes not required any programming or scripting language. When you are working with some GUI based tool such as Azure DevOps (ADO) then no programming or scripting language is required. Some other ways like ARM templates in Azure DevOps required the knowledge of scripting language. So It's depend on tools and different ways of CI/CD setup.
Question - 34 : - How CI/CD is different from DevOps?
Answer - 34 : -
CI/CD and DevOps are two related concepts rather than different. CI/CD emphasize the automation of activities carried along the software-defined life cycle from building to delivery. DevOps refers core set of practices for quality software development and focus on culture that removes barriers between operations and engineering team.
Question - 35 : - What is a Git repository?
Answer - 35 : -
A Git repository keeps track of every file in a software project. The repository serves as an index for all files and changes in the project, allowing developers to navigate to any point in the project’s history.
Question - 36 : - Which other version control tools do you know of?
Answer - 36 : -
- Mercurial
- Subversion (SVN)
- Concurrent Version Systems (CVS)
- Perforce
- Bazaar
- Bitkeeper
- Fossil
Question - 37 : - What is a Git branch?
Answer - 37 : -
A Git branch is an independent line of development, usually created for working on a feature. Branches let developers code without affecting the work of other team members.
Question - 38 : - What is merging?
Answer - 38 : -
Merging consists of joining branches. For example, when developers incorporate their peer-reviewed changes from a feature branch into the main branch.
Question - 39 : - What is trunk-based development?
Answer - 39 : -
Trunk-based development is a branching model where most of the work takes place in a single trunk, usually called trunk, master, or main. The trunk receives daily merges from all developers in the team.
Trunk-based development is a popular development model because it simplifies version control. Since the trunk is a single source of truth, this model minimizes the chances of merge conflict.
Question - 40 : - What is Gitflow, and how does it compare to trunk-based development?
Answer - 40 : -
Gitflow is a workflow for Git that makes heavy use of branches. In Gitflow, all the code is merged into the develop branch instead of the main branch, which serves as an abridged version of the project’s history.
Features are worked on specific “feature branches” (typically prefixed with feature/). In the same fashion, releases also create a dedicated release/ branch.
Compared with trunk-based development, Gitflow is more complex and has a higher chance of inducing merge conflicts, which is why it has fallen out of favor among the development community.