An Empirical Study of DevSecOps Focused on Continuous Security Testing

Bibliographic Details
Main Authors: Feio, Clarisse, Santos, Nuno, Escravana, Nelson, Pacheco, Bernardo
Format: Conference Proceeding
Language: English
Description
Summary: DevSecOps is an emerging approach to integrate robust security into the DevOps software development process. It focuses on breaking the silos between development, security, and operations and on introducing security from the beginning of the software development process. In this paper, we present a DevSecOps framework centered on the principle of continuous security testing, applicable across various software development scenarios. Our ultimate goal is to promote wider adoption of DevSecOps practices. The framework comprises a CI/CD pipeline, a series of activities tailored for each phase, and tools to automate these activities. Through a case study conducted in a real-world setting, we evaluated the effectiveness of our framework. The results indicate that the framework's implementation was successful, enabling the development team to identify numerous vulnerabilities, including critical ones, proactively. Moreover, the developers have shown a keen interest in employing this framework in their future projects.
ISSN: 2768-0657
DOI: 10.1109/EuroSPW61312.2024.00074