DEVSECOPS: A CONCEPT OF INTEGRATING SECURITY TESTS IN CI/CD-PIPELINES IN VEHICLE MANUFACTURING INDUSTRY

Abstract

Security is critical in software development, especially with today’s demands for rapid software release. Integrating security into the early stages of development is essential because it allows vulnerabilities to be discovered and addressed early, saving significant time and reducing the costs associated with fixing security issues later in the development cycle. However, industry practices often overlook this aspect and are typically subjective and ad hoc. This study aims to provide a systematically developed blueprint for integrating security testing into the CI/CD pipeline, specifically for a vehicle manufacturing company. Data was gathered from a systematic literature review, a market study, and a case study to develop the concept. This research proposes a systematically designed DevSecOps CI/CD pipeline toolchain that combines academic insights and industry practices to identify integration points and security testing activities at each step of the CI/CD pipeline within the company where this research was conducted. The proposed toolchain is then turned into an architecture and validated through an implemented prototype.
