A CI/CD pipeline (Continuous Integration / Continuous Delivery) is an automated workflow that takes a code change through build, test, and deployment stages. CI merges and tests changes frequently so that integration problems surface early; CD automates the release of tested builds to staging or production environments.
In an ISMS, CI/CD pipelines are relevant to ISO 27001 Annex A controls A.8.25 (Secure Development Life Cycle), A.8.31 (Separation of Development, Test and Production Environments), and A.8.32 (Change Management). Security measures within the pipeline include SAST/DAST scans, dependency checks, container image scanning, branch protection, and signed artifacts. The pipeline itself is an attack target: whoever controls it can inject code into every artifact it produces. Protect build secrets (short-lived, scoped to the job, never written to logs), grant runners and pipeline tokens only the permissions each job needs, pin third-party build steps to immutable versions, and log every pipeline execution so changes can be traced to a trigger and an approver.
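As an added example that is not part of the original entry, the GitHub Actions workflow below wires the controls listed above into one pipeline: a deny-by-default permission block with per-job grants, SAST and dependency checks, an image scan that gates the push, keyless signing of the image digest, and a protected production environment. The repository layout (a Python project under src/ with requirements.txt), the image name and the deployment step are assumptions; the action names, inputs and tool flags are real.

```yaml
# Added example (not from the original page): a hardened GitHub Actions pipeline.
name: build-scan-sign

on:
  push:
    branches: [main]
  pull_request:

# Deny every GITHUB_TOKEN permission by default; each job re-grants only what it needs.
permissions: {}

env:
  IMAGE: ghcr.io/${{ github.repository }}   # assumed image name, derived from the repo

jobs:
  test-and-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # In production pin third-party actions to a full commit SHA, not a mutable tag.
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install project and scanners
        run: pip install -r requirements.txt bandit pip-audit
      - name: Static analysis (SAST)
        run: bandit -r src
      - name: Dependency check
        run: pip-audit -r requirements.txt
      - name: Unit tests
        run: python -m pytest
      # WEAK: interpolating untrusted input straight into the shell lets a crafted
      # PR title execute commands on the runner and read its secrets:
      #   run: echo "Building ${{ github.event.pull_request.title }}"
      # HARDENED: hand untrusted values to the shell through an environment variable.
      - name: Log trigger safely
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Building for PR: $PR_TITLE"

  build-sign:
    needs: test-and-scan
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write     # push the image to the registry
      id-token: write     # keyless (OIDC) signing with cosign
    outputs:
      digest: ${{ steps.push.outputs.digest }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}   # job-scoped token, never echoed
      # Build locally first so the image can be scanned before anything is pushed.
      - uses: docker/build-push-action@v6
        with:
          load: true
          tags: ${{ env.IMAGE }}:${{ github.sha }}
      # Container image scan: fail the job on CRITICAL/HIGH findings.
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}:${{ github.sha }}
          exit-code: "1"
          severity: CRITICAL,HIGH
      - id: push
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ env.IMAGE }}:${{ github.sha }}
      - uses: sigstore/cosign-installer@v3
      # Sign the immutable digest, not the tag, so the signature cannot be re-pointed.
      - name: Sign image
        env:
          DIGEST: ${{ steps.push.outputs.digest }}
        run: cosign sign --yes "${IMAGE}@${DIGEST}"

  deploy-production:
    needs: build-sign
    runs-on: ubuntu-latest
    # Protected environment: required reviewers and branch rules are enforced here,
    # keeping production separate from the build and test stages.
    environment: production
    permissions:
      contents: read
    steps:
      - name: Deploy (placeholder for the deployment tooling in use)
        env:
          DIGEST: ${{ needs.build-sign.outputs.digest }}
        run: echo "would deploy ${IMAGE}@${DIGEST}"
```

Branch protection, the reviewers attached to the production environment and the retention of workflow run logs are repository settings rather than workflow content, so they belong in the change-management evidence alongside this file. Deployment policy should then require a valid cosign signature on the digest before any image is admitted, which is what makes the scan and signing steps an enforceable gate rather than advisory output.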