Design and Implementation of Security Test Pipeline based on DevSecOps

Sun, Xiaohan; Cheng, Yunchang; Qu, Xiaojie; Li, Hang

doi:10.1109/imcec51613.2021.9482270

Cited by 6 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, the automation of the security checks and processes allows exploratory testing and thinking beyond the manual tasks' performance [34]. Code compliance testing can be accomplished by integrating multiple test engines, such as fortify and appscan [44].…”

Section: Compliance As Codementioning

confidence: 99%

See 1 more Smart Citation

Holding on to Compliance While Adopting DevSecOps: An SLR

et al. 2022

View full text Add to dashboard Cite

The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps.

show abstract

Section: Compliance As Codementioning

confidence: 99%

“…Compliance Assessment/Evaluation: Compliance assessment is the continuous process that follows compliance testing [44]. In this regard, different application security testing approaches, such as Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA), are used to assess compliance.…”

Section: Managementmentioning

confidence: 99%