DevSecOps and the Secure SDLC: Automating Compliance in Agile Pipelines

Authors

  • Chiranjeevulu Reddy Kasaram, Natsoft Corporation

Keywords

DevSecOps, Secure SDLC, CI/CD pipelines, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), policy-as-code, developer accountability, automation, agile security, compliance automation, software security, continuous delivery.

Abstract

In agile environments, security must be integrated directly into the CI/CD pipeline if the software delivery process is to be robust. This paper investigates DevSecOps tools and methods that embed security continuously, in particular Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). It shows how policy-as-code enforces compliance automatically and how it makes developers accountable for applying secure coding practices. By finding vulnerabilities early and reducing manual effort, automated security checks make changes both faster and safer to deliver, which lowers risk and strengthens the resulting system. An analysis of issues across industries shows that adding security to agile pipelines lets businesses meet regulatory requirements and accelerate development without weakening security. The findings are intended to guide practitioners toward best practices for using DevSecOps to build software that is secure, successful and compliant.

Published

13-05-2019

How to Cite

Chiranjeevulu Reddy Kasaram. (2019). DevSecOps and the Secure SDLC: Automating Compliance in Agile Pipelines. International Journal of Computer Science and Information Technology Research, 1(3), 1-9. https://ijcsitr.org/index.php/home/article/view/IJCSITR_2019_01_03_001