Automatic build and deploy

A software system must be built and released before it is delivered to users. Building a system written in a static language includes compiling, packaging and other procedures; building a system written in a dynamic language usually includes only packaging and other procedures (most involve no compiling). Releasing a Web system means deploying the built system files to the server; releasing a mobile application means uploading the built application files to an application store or to a server from which users can download them.

If the build and release are performed manually by development or maintenance personnel on their own machines, and the build tool on such a machine has been injected with a backdoor, or an operator injects a backdoor into the code during build or deployment, the software will contain security vulnerabilities. To avoid these vulnerabilities, a set of CI pipelines needs to be established through a rigorous process that includes review of development tools (MD5 code validation) and strict access permission control, so that unintended security vulnerabilities are not introduced in the last step of software development.
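The tool review step described above can run as a gate at the start of a CI job. The following is an added example, not code from the original page: it compares each build tool against a digest recorded at review time and blocks the build on any mismatch or missing file. The tool names, file contents and manifest layout are constructed for illustration; the page names MD5, and the manifest also accepts SHA-256, which is collision-resistant where MD5 is not.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm):
    """Hash a file in chunks so large tool binaries are not loaded into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tools(manifest):
    """Return (path, reason) failures; an empty list means the build may start.

    manifest maps tool path -> (algorithm, expected hex digest).
    """
    failures = []
    for path, (algorithm, expected) in manifest.items():
        if not os.path.isfile(path):
            failures.append((path, "missing"))  # fail closed on an absent tool
            continue
        actual = file_digest(path, algorithm)
        if not hmac.compare_digest(actual, expected.lower()):
            failures.append((path, "digest mismatch"))
    return failures

def demo():
    """Constructed sample: one untouched tool and one altered after review."""
    workdir = tempfile.mkdtemp()
    compiler = os.path.join(workdir, "compiler")  # hypothetical tool names
    packager = os.path.join(workdir, "packager")
    for path, body in ((compiler, b"reviewed compiler\n"), (packager, b"reviewed packager\n")):
        with open(path, "wb") as f:
            f.write(body)
    # Digests recorded at review time (MD5 as on the page, SHA-256 alongside).
    manifest = {
        compiler: ("md5", file_digest(compiler, "md5")),
        packager: ("sha256", file_digest(packager, "sha256")),
    }
    # Simulate the packager being changed after it was reviewed.
    with open(packager, "ab") as f:
        f.write(b"unreviewed change\n")
    return verify_tools(manifest), compiler, packager

if __name__ == "__main__":
    failures, _, _ = demo()
    for path, reason in failures:
        print(f"BLOCK BUILD: {path}: {reason}")
    raise SystemExit(1 if failures else 0)
```

The manifest of reviewed digests should be stored where the people who run builds cannot edit it, which is where the access permission control mentioned above applies.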