Why this topic matters
GitOps and infrastructure as code move production intent into repositories, plans and automation. That is operationally powerful and offensively attractive. Compromise the declaration and the environment may rebuild itself in your favour.
Operator checks
- Track which repos are authoritative for infrastructure and which controllers apply the changes.
- Review plan, approval and environment-selection logic for ways to redirect deployment intent.
- Compare declared state to runtime state to identify hidden privilege or drift.
- Treat build metadata, attestation and controller identity as first-class trust objects.
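The third check above, declared state against runtime state, as an added example that is not part of this note: a small drift report over simplified Kubernetes-style objects held as Python dicts. The object shapes, names and image tags are constructed samples; in practice the declared side would be rendered manifests from the authoritative repo and the runtime side objects read back from the cluster API.

```python
from typing import Any

# Server-populated fields that always differ; skipped wherever they appear.
VOLATILE = {"status", "resourceVersion", "uid", "managedFields",
            "creationTimestamp", "generation"}

def key(obj: dict[str, Any]) -> tuple[str, str, str]:
    """Identity of a Kubernetes object: (kind, namespace, name)."""
    return (obj["kind"], obj["metadata"].get("namespace", ""), obj["metadata"]["name"])

def diff_fields(declared: Any, runtime: Any, path: str = "") -> list[str]:
    """Dotted paths whose live value differs from the declaration."""
    if isinstance(declared, dict) and isinstance(runtime, dict):
        return [p for k in sorted((set(declared) | set(runtime)) - VOLATILE)
                for p in diff_fields(declared.get(k), runtime.get(k),
                                     f"{path}.{k}" if path else k)]
    return [] if declared == runtime else [path]

def drift_report(declared_objs: list, runtime_objs: list) -> dict[str, Any]:
    """Undeclared objects (hidden privilege), declared objects that are absent
    (a control silently removed), and declared objects whose live spec differs."""
    declared = {key(o): o for o in declared_objs}
    runtime = {key(o): o for o in runtime_objs}
    modified = {k: diff_fields(declared[k], runtime[k]) for k in declared if k in runtime}
    return {"undeclared": sorted(k for k in runtime if k not in declared),
            "missing": sorted(k for k in declared if k not in runtime),
            "modified": {k: v for k, v in modified.items() if v}}

# Constructed sample: simplified manifests the authoritative repo declares for
# namespace "prod" (container image placed directly under spec for brevity).
DECLARED = [
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "prod"},
     "spec": {"replicas": 2, "image": "registry.example/api:1.4.2"}},
    {"kind": "RoleBinding", "metadata": {"name": "api-reader", "namespace": "prod"},
     "roleRef": {"kind": "Role", "name": "reader"}, "subjects": [{"kind": "ServiceAccount", "name": "api"}]},
    {"kind": "NetworkPolicy", "metadata": {"name": "deny-egress", "namespace": "prod"},
     "spec": {"policyTypes": ["Egress"]}},
]
# Constructed sample: what the cluster reports. The image tag was changed out of
# band, the egress policy is gone, and an undeclared cluster-admin binding exists.
RUNTIME = [
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "prod", "uid": "7f"},
     "spec": {"replicas": 2, "image": "registry.example/api:1.4.2-hotfix"},
     "status": {"readyReplicas": 2}},
    {"kind": "RoleBinding", "metadata": {"name": "api-reader", "namespace": "prod"},
     "roleRef": {"kind": "Role", "name": "reader"}, "subjects": [{"kind": "ServiceAccount", "name": "api"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "debug-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "api", "namespace": "prod"}]},
]
```

Running `drift_report(DECLARED, RUNTIME)` surfaces the three classes separately, so an undeclared cluster-admin binding is reported as hidden privilege rather than lost among ordinary drift.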
Reporting lens
Write findings in terms of the trust boundary crossed, the scope enlarged and the business or operational effect reached. That keeps the note useful whether you are validating a lab, an internal research target or a live customer environment.
Curated public references
- Argo CD Security: GitOps controller trust and risk context.
- Flux Security: GitOps deployment and controller security.
- Terraform State: state and IaC trust considerations.
