I will perform a DevSecOps and CI/CD pipeline security audit
Cloud Security Architect for Hybrid Cloud, IAM and Zero Trust
Vetted by Fiverr Pro
Marlon Costa was selected by the Fiverr Pro team for their expertise.
Vetted for: Cybersecurity
About this Gig
Is your software delivery pipeline a backdoor into your production environment?
You will get a professional DevSecOps and CI/CD Pipeline Security Audit to identify control weaknesses and vulnerabilities across your software supply chain.
Engineering velocity shouldn't compromise security. I deliver an architecture-led review covering the critical areas of modern deployment pipelines.
What this audit evaluates:
- Repository & Branch protection rules
- Secrets handling (API keys, tokens)
- Build and Runner environment security
- Artifact integrity and dependency checks
- Deployment approval workflows
What you will receive:
- Prioritized Pipeline Risk Assessment
- DevSecOps Improvement Roadmap
- Practical guardrail recommendations
This assessment helps engineering and security teams implement "Shift-Left" security without destroying developer productivity.
Please send me a message or book a Consultation Call through my profile before ordering to align on your CI/CD tooling (GitHub, GitLab, etc.).
Expertise: Configuration management, Gap analysis, Risk assessment
Technology: Cloud - IaaS, Monitoring, SaaS, Web application, Other
Regulation: Other
FAQ
Do you need direct access to our CI/CD environment?
No. In many cases, I can work from documentation, screenshots, exported configurations, workflow files, architecture diagrams, and live walkthroughs. If limited read-only access is available, we can define an appropriate review model.
What kinds of issues can this assessment identify?
This assessment can highlight risks related to repository controls, branch protections, approval workflows, secrets handling, build security, runner exposure, artifact integrity, deployment controls, and pipeline traceability.
Is this a penetration test or a formal compliance audit?
No. This project is a security review and advisory assessment. It is designed to identify control gaps, delivery risks, and practical hardening priorities, but it is not a penetration test or an official audit unless separately defined.
What will I receive at the end of the project?
Depending on the selected tier, you will receive a structured assessment with findings, risk observations, practical recommendations, and, in higher tiers, a more detailed roadmap and executive-ready summary.
Can this assessment cover platforms like GitHub, GitLab, or Azure DevOps?
Yes. This project can be applied to common DevSecOps and CI/CD platforms as long as the scope, workflows, and available evidence are clearly defined.

