Tags: pipeline, go-cd, pcf

How to secure CI/CD pipeline


I do have a CI/CD pipeline to deploy my Spring Boot application to PCF. It does have a job to call a shell script to deploy to the PCF environment. How can I ensure that it doesn't install malware, so that a hacker cannot mess it up? Any ideas/suggestions are welcome.


Solution

  • There are two ways to look at it (that I'm aware of):

    The first is that your CI/CD pipeline builds and deploys your application, so unless you add malware to your application (possibly inadvertently by depending on a compromised version of a library), it won't deploy malware.

    The second is that you absolutely can add automatic security checking to your pipelines, for example by integrating with a static or dynamic malware scanner. You can make that a stage in your pipeline, somewhere before the deployment, that makes the pipeline halt and fail if a scanner detects malicious code.

    (Note that some cloud-based malware scanners, such as VirusTotal, make all uploaded files available to all subscribers of their service, which might not be acceptable in some cases; be sure to read and understand the scanner's Terms of Service before you use it.)
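The "halt and fail before deployment" stage the answer describes, as an added example that is not part of the original answer and not GoCD's or PCF's own tooling. It is a POSIX shell gate that the deploy job runs before its `cf push`: it checks that the artifact still matches the checksum the build stage recorded (so nothing swapped the jar between build and deploy) and then runs a scanner, failing the stage on any detection. The `SCANNER` command, the `predeploy_gate` name and the `target/app.jar.sha256` file are assumptions; any scanner CLI that exits non-zero on a detection fits.

```shell
#!/bin/sh
# Pre-deploy gate (added example). Exit status non-zero = the pipeline stage fails.
# SCANNER is an assumption: point it at your scanner's CLI; it must exit
# non-zero when it flags a file (clamscan does).
set -u

SCANNER="${SCANNER:-clamscan --no-summary}"

# SHA-256 of a file; works with sha256sum (Linux) or shasum (macOS/BSD).
artifact_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Returns 0 only if the artifact's checksum equals the one recorded at build time.
verify_checksum() {
    artifact="$1"; expected="$2"
    actual="$(artifact_sha256 "$artifact")"
    [ "$actual" = "$expected" ]
}

# Returns 0 when the scanner reports the artifact clean, non-zero on a detection
# (or if the scanner itself fails, which is also treated as "do not deploy").
scan_artifact() {
    artifact="$1"
    # shellcheck disable=SC2086  # word-splitting SCANNER into command + flags is intended
    $SCANNER "$artifact" >/dev/null 2>&1
}

# The gate: every check must pass, otherwise the stage fails and the deploy never runs.
predeploy_gate() {
    artifact="$1"; expected="$2"
    if [ ! -f "$artifact" ]; then
        echo "GATE FAIL: artifact $artifact not found" >&2
        return 1
    fi
    if ! verify_checksum "$artifact" "$expected"; then
        echo "GATE FAIL: checksum mismatch for $artifact (artifact changed after build)" >&2
        return 1
    fi
    if ! scan_artifact "$artifact"; then
        echo "GATE FAIL: scanner flagged $artifact" >&2
        return 1
    fi
    echo "GATE PASS: $artifact matches build checksum and scanned clean"
    return 0
}

# Usage in the deploy job, before the deployment script (paths are assumptions):
#   ./predeploy_gate.sh target/app.jar "$(cat target/app.jar.sha256)" && ./deploy.sh
if [ "$#" -ge 2 ]; then
    predeploy_gate "$1" "$2"
    exit $?
fi
```

The checksum comes from the build stage, not from the deploy stage, so the deploy job only needs read access to a value it cannot rewrite; treating a scanner error the same as a detection keeps a broken or missing scanner from silently turning the gate into a no-op.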