CI/CD concepts - Interview preparation guide
Thilan Dissanayaka Interview Guides March 23, 2020

CI/CD concepts - Interview preparation guide

What is CI/CD?

CI/CD stands for Continuous Integration and Continuous Delivery/Deployment.

CI is the practice of automatically integrating code changes from multiple contributors into a shared repository, often multiple times a day, and running automated tests to detect issues early.

CD refers to two related practices:

Continuous Delivery: Automatically preparing code changes for release to production.

Continuous Deployment: Automatically deploying every code change to production without manual intervention.

What are the key benefits of CI/CD?

  • Faster release cycles

  • Early detection of bugs

  • Improved code quality

  • Reduced integration issues

  • Consistent deployment process

  • Better collaboration between development and operations

What tools are commonly used for CI/CD?

  • CI Tools: Jenkins, GitHub Actions, GitLab CI, CircleCI, Travis CI, Bamboo

  • CD Tools: Spinnaker, Argo CD, Flux

  • Supporting tools: Docker, Kubernetes, Terraform, Ansible, Helm

What is the difference between Continuous Delivery and Continuous Deployment?

  • Continuous Delivery prepares code for production release but requires manual approval to deploy.
  • Continuous Deployment automatically deploys code to production without manual steps.

What is a pipeline in CI/CD?

A pipeline is a set of automated steps that code goes through from commit to deployment. It typically includes stages like:

  • Code checkout
  • Build
  • Test
  • Package
  • Deploy

How do you handle secrets and sensitive data in CI/CD pipelines?

  • Use secret management tools like HashiCorp Vault, AWS Secrets Manager, or GitHub/GitLab secrets.
  • Avoid hardcoding secrets in scripts or code.
  • Use environment variables securely provided by the CI/CD platform.

What is the role of containers in CI/CD?

Containers (e.g., Docker) ensure that applications run in consistent environments across development, testing, and production. They help:

  • Speed up build and deployment
  • Simplify dependency management
  • Improve scalability and isolation

How do you ensure quality and security in a CI/CD pipeline?

  • Add unit, integration, and end-to-end tests
  • Include linting and static code analysis
  • Use security scanners (e.g., Snyk, Trivy, SonarQube)
  • Conduct vulnerability checks for dependencies and containers -Apply approval workflows for production deployments

What are some challenges you’ve faced in implementing CI/CD?

  • Long pipeline execution times
  • Flaky tests slowing down deployment
  • Environment mismatches between dev and prod
  • Managing secrets and credentials securely
  • Resistance to cultural change within teams

How would you implement a rollback strategy in a CI/CD pipeline?

  • Maintain previous builds/artifacts for quick redeployment
  • Use blue-green deployments or canary releases
  • Automate rollback steps in case of failed health checks
  • Monitor production health post-deployment and trigger rollback on anomalies

What is Infrastructure as Code (IaC) and how does it relate to CI/CD?

IaC is managing and provisioning infrastructure using code and automation tools like Terraform, CloudFormation, or Ansible. In CI/CD, IaC ensures:

  • Consistent environments
  • Version-controlled infrastructures
  • Easy automation of infrastructures
ALSO READ
Writing a Shell Code for Linux
Apr 21, 2020 Exploit Development
Writing a Shell Code for Linux

Shellcode is a small piece of machine code used as the payload in exploit development. In this post, we write Linux shellcode from scratch — starting with a simple exit, building up to spawning a shell, and explaining every decision along the way.

Exploiting a Stack Buffer Overflow on Windows
Apr 12, 2020 Exploit Development
Exploiting a Stack Buffer Overflow on Windows

In a previous tutorial we discusses how we can exploit a buffer overflow vulnerability on a Linux machine. I wen through all theories in depth and explained each step. Now today we are going to jump...

Exploiting a Stack Buffer Overflow on Linux
Apr 01, 2020 Exploit Development
Exploiting a Stack Buffer Overflow on Linux

Have you ever wondered how attackers gain control over remote servers? How do they just run some exploit and compromise a computer? If we dive into the actual context, there is no magic happening....

Basic concepts of Cryptography
Mar 01, 2020 Cryptography
Basic concepts of Cryptography

Ever notice that little padlock icon in your browser's address bar? That's cryptography working silently in the background, protecting everything you do online. Whether you're sending an email,...

Common Web Application Attacks
Feb 05, 2020 Application Security
Common Web Application Attacks

Web applications are one of the most targeted surfaces by attackers. This is primarily because they are accessible over the internet, making them exposed and potentially vulnerable. Since these...

Remote Code Execution (RCE)
Jan 02, 2020 Application Security
Remote Code Execution (RCE)

Remote Code Execution (RCE) is the holy grail of application security vulnerabilities. It allows an attacker to execute arbitrary code on a remote server — and the consequences are as bad as it sounds. In this post, we'll go deep into RCE across multiple languages, including PHP, Java, Python, and Node.js.

> > >
ABOUT

Dive deep into the fascinating world of cybersecurity — where knowledge is power, and every byte matters.

Explore expertly written articles on system exploitation, web application hacking, exploit development, malware analysis, cryptography, and more.

CATEGORIES