CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

An Enhanced CICD Pipeline: A DevSecOps Approach

by Olumide Bashiru Abiola, Olusola Gbenga Olufemi
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 184 - Number 48
Year of Publication: 2023
Authors: Olumide Bashiru Abiola, Olusola Gbenga Olufemi
10.5120/ijca2023922594

Olumide Bashiru Abiola, Olusola Gbenga Olufemi . An Enhanced CICD Pipeline: A DevSecOps Approach. International Journal of Computer Applications. 184, 48 ( Feb 2023), 8-13. DOI=10.5120/ijca2023922594

@article{ 10.5120/ijca2023922594,
author = { Olumide Bashiru Abiola, Olusola Gbenga Olufemi },
title = { An Enhanced CICD Pipeline: A DevSecOps Approach },
journal = { International Journal of Computer Applications },
issue_date = { Feb 2023 },
volume = { 184 },
number = { 48 },
month = { Feb },
year = { 2023 },
issn = { 0975-8887 },
pages = { 8-13 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume184/number48/32628-2023922594/ },
doi = { 10.5120/ijca2023922594 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:24:18.220139+05:30
%A Olumide Bashiru Abiola
%A Olusola Gbenga Olufemi
%T An Enhanced CICD Pipeline: A DevSecOps Approach
%J International Journal of Computer Applications
%@ 0975-8887
%V 184
%N 48
%P 8-13
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper presents approaches to integrating more DevSecOps techniques into the CICD pipeline, how this can be done, and the benefits of the approaches. Subsequently, unique challenges software development is facing are identified, and some elaborate solutions to these problems are proposed. This work will enable organizations involved in software development, practicing agile enterprise application development to acquire more insight into securing CICD pipelines, which lead to fast and better releases. Secured DevOps as this can be termed, is DevSecOps in a nutshell, which is progressively becoming the only feasible solution to the many challenges organizations face with CICD handling [12]. In its simplest expression, DevSecOps is the process of providing a security enhancement to DevOps. Undoubtedly, attacks are on the rise, and threat actors are not resting, but are getting stronger at hacking targets willingly. Hence, organizations practicing CICD need to know how to combat this menace by getting better at incorporating effective security techniques and doing this very fast. This is exactly what DevSecOps helps to accomplish – providing necessary insights on better and stronger security techniques incorporation and execution [11]. Security moved closer to development and operations in the SDLC i.e., DevSecOps has brought so much dividend to software development [12]. The flexibility, know-how, and capacity to accomplish CICD security techniques are lacking in many organizations engaging in CICD practices [12]. Hence, DevOps transitioned to DevSecOps – is as much about culture as it is about the tools and processes that enable the rapid, frequent, and safe delivery of software [2]. When applying DevSecOps practices, the development lifecycle iterates frequently, providing the team with regular feedback on how safe software is, its behavior, and its usage in the real world. In total, incorporating security into CI/CD pipeline provides regular feedback on the security of the application, and can improve application functionality capacity.

References
  1. Philippa Ornell. August 20. 2020. Kth royal institute of technology school of electrical engineering and computer science. Security Assessment of Continuous Deployment Pipelines. https://www.diva-portal.org/smash/get/diva2:1471199/FULLTEXT01.pdf
  2. Bakary Jammeh. 2020. DevSecOps: Security Expertise a Key to Automated Testing in CI/CD Pipeline. https://www.researchgate.net/publication/347441415_DevSecOps_Security_Expertise_a_Key_to_Automated_Testing_in_CICD_Pipeline
  3. Justine Goldmith. 2000. Security first: Automating CI/CD pipelines and policing applications. https://events.redhat.com/accounts/register123/redhat/events/701f20000012gfuaay/Security_First_Security_Symposium_2019.pdf
  4. Ramaswamy Chandramouli. March. 2022. Implementation of DevSecOps for a Microservices-based Application with Service Mesh. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-204C.pdf
  5. Thorsten Rangnau. 2020. 2020 IEEE 24th International Conference on Enterprise Distributed Object Computing (EDOC). Continuous Security Testing: A Case Study on Integrating Dynamic Security Testing Tools in CI/CD Pipelines. https://www.researchgate.net/publication/346379276_Continuous_Security_Testing_A_Case_Study_on_Integrating_Dynamic_Security_Testing_Tools_in_CICD_Pipelines
  6. Faheem Ullah. 2017. Security Support in Continuous Deployment Pipeline. https://arxiv.org/ftp/arxiv/papers/1703/1703.04277.pdf
  7. AWS & Delloite. 2019. Integrating and automating security into a DevSecOps model. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-integrating-and-automating-security-into-a-devsecops-model.pdf
  8. Geoffrey Sanders. 2021. Software Engineering Institute, Carnegie Mellon University. July White Paper. INTEGRATING ZERO TRUST AND DEVSECOPS. https://apps.dtic.mil/sti/pdfs/AD1145432.pdf
  9. Mike Heim. 2020. National Defense-ISAC Publication. Software Security Automation: A Roadmap toward Efficiency and Security. https://ndisac.org/wp-content/uploads/ndisac-security-automation-white-paper.pdf
  10. AWS Whitepaper. 2021. Practicing Continuous Integration and Continuous Delivery on AWS. https://docs.aws.amazon.com/whitepapers/latest/practicing-continuous-integration-continuous-delivery/welcome.html
  11. Rangnau T. et al. Continuous Security Testing: 2020. A Case Study on Integrating Dynamic Security Testing Tools in CI/CD Pipelines. https://ieeexplore.ieee.org/abstract/document/9233212
  12. Guardrails whitepaper. 2023. https://www.guardrails.io/whitepapers/how-to-build-a-devsecops-pipeline/
  13. Akhil Jain. 2021. https://aws.plainenglish.io/devops-102-lifecycle-and-ci-cd-b18923240d49
  14. Daniel Pohl. 2020. https://www.logicworks.com/blog/2020/10/cicd-iac-pipeline-part-1/
  15. Rob Larter. 2020. https://www.linkedin.com/pulse/cicd-what-why-important-rob-larter
  16. Ishan Gaba. 2021. https://www.simplilearn.com/tutorials/devops-tutorial/continuous-delivery-and-continuous-deployment
Index Terms

Computer Science
Information Sciences

Keywords

AWS CICD DevOps DevSecOps Pipeline Repository CodeCommit GitHub Jenkins Kubernetes Ansible

Powered by PhDFocusTM