
We use an artifact server and our build servers are completely airgapped. We know exactly what dependencies are used across the organisation. We can take centralised action against malicious dependencies.

I wouldn't bother having one if you're small (<25) people. If you start having a centralised Infosec group, then it starts to become necessary.
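As an added example (not code from anyone in this thread) of the centralised inventory the comment above describes: given lockfile entries collected from several repositories, it checks that each dependency resolved from the internal artifact server rather than the public internet, and flags versions a central security group has decided to block. The artifact hostname, the denylist and the lockfile entries are constructed placeholders.

```python
"""Cross-repository dependency inventory check (added example, constructed data).

Every lockfile entry must have been resolved from the internal artifact server,
and known-bad package versions can be flagged centrally in one place."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed hostname of the internal artifact server (placeholder, not from the thread).
ARTIFACT_HOST = "artifacts.internal.example"

# Constructed denylist of (package, version) pairs the central group has blocked.
# Sample values only, not real advisories.
DENYLIST = {("left-pad-ish", "1.3.0")}


@dataclass(frozen=True)
class Dep:
    repo: str       # which source repository's lockfile this entry came from
    name: str
    version: str
    resolved: str   # URL the lockfile records as the download location


def check_dep(dep: Dep) -> list[str]:
    """Return findings for one dependency; an empty list means it is clean."""
    findings = []
    host = urlparse(dep.resolved).hostname
    if host != ARTIFACT_HOST:
        findings.append(f"{dep.repo}: {dep.name}@{dep.version} resolved from {host!r}, "
                        f"not the artifact server")
    if (dep.name, dep.version) in DENYLIST:
        findings.append(f"{dep.repo}: {dep.name}@{dep.version} is on the central denylist")
    return findings


def audit(deps: list[Dep]) -> tuple[dict[str, list[str]], list[str]]:
    """Build the org-wide inventory (package -> sorted versions) and collect findings."""
    inventory: dict[str, set[str]] = {}
    findings: list[str] = []
    for d in deps:
        inventory.setdefault(d.name, set()).add(d.version)
        findings.extend(check_dep(d))
    return {k: sorted(v) for k, v in inventory.items()}, findings


# Constructed sample lockfile entries from two repositories.
SAMPLE = [
    Dep("billing", "requests", "2.31.0", f"https://{ARTIFACT_HOST}/pypi/requests-2.31.0.tar.gz"),
    Dep("billing", "left-pad-ish", "1.3.0", f"https://{ARTIFACT_HOST}/npm/left-pad-ish-1.3.0.tgz"),
    Dep("web", "requests", "2.28.0", "https://files.pythonhosted.org/packages/requests-2.28.0.tar.gz"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE)[1]:
        print(line)
```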




Airgapped? Really? Every time a build happens someone physically moves a thumb drive or some other media to the build server?

Airgap means not networked, even internally. Not just "blocked" from internet.


Wikipedia[1] offers a slightly relaxed definition, although I agree, I (and my colleagues) abuse the term.

The artifact repository server connects to the internet via a proxy. Build servers have no access to the internet.

[1] https://en.wikipedia.org/wiki/Air_gap_(networking)



