Multivocal Literature Review on the Security of DevSecOp

Abstract: DevOps revolutionize the software development lifecycle by providing agile and fast-paced solutions. DevOps ignores security prospects since it focuses only on increasing development and speed. DevSecOp is a notion of implanting Security into DevOps operation without distressing its agile nature by discovering contemporary security practices. This research aims to reveal a comprehensive overview of DevSecOp.  Here we presented a brief overview of the research methodology. Afterward, it presented the method of … Show more

“…Organizational and management system DevSecOps is a logical continuation of the current scheme of software-digital production DevOps, with the above described system of safety testing (in various modes) integrated into the processes of software products production, which allows to obtain in conjunction with more complete (compared to DevOps) production communication management system between the key participants of software-digital engineering and production cycle -Figure 3 [23][24][25][26][27][28]. Analysis of relevant scientific papers and publications on the device and system of DevSecOps methodology functioning, such as R. N. Rajapakse [29] (system information and analytical review on the device of DevSecOps methodology and the problems of software-digital production transition from DevOps to the integration of the logical security-free section in the generalized concept of transition to DevSecOps), A. Ibrahim [30] (research and development of proposals for implementing DevSecOps in a modular solution (using cloud services) in DevOps-based digital production process), A. Landry [31] (analyzing the experience of implementing DevSecOps-based security tools and building an internal secure data transmission system in service communications for the US Department of Defense -DARPA Secure Handhelds on Assured Resilient networks at the tactical Edge (SHARE)), N. Harshitha [32] (analyzing the integration of DevSecOps security tools in Cloud Computing technologies), M. Orosz [33] (application of DevSecOps organizational and management system in the space industry), A. Schwan-Gijima [34] (information and analytical review regarding the device and methods for implementing DevSecOps security tools and blocks in software-digital production processes), Y. Malhotra [35] (study of the problems of implementing IaC, DevSecOps and MLops security tools in hybrid cloud computing with zero-trust beyond "lift and carry"), M. Ekoramaradhya [36] (study of the possibility of applying security tools for implementation in digital Internet of Things (IoT) protection protocols), allows to formulate a generalized system-wide view of the structure of the studied organizational and management system.…”

Secure Change Management Process: On the Effectiveness of DevSecOps

“…Organizational and management system DevSecOps is a logical continuation of the current scheme of software-digital production DevOps, with the above described system of safety testing (in various modes) integrated into the processes of software products production, which allows to obtain in conjunction with more complete (compared to DevOps) production communication management system between the key participants of software-digital engineering and production cycle -Figure 3 [23][24][25][26][27][28]. Analysis of relevant scientific papers and publications on the device and system of DevSecOps methodology functioning, such as R. N. Rajapakse [29] (system information and analytical review on the device of DevSecOps methodology and the problems of software-digital production transition from DevOps to the integration of the logical security-free section in the generalized concept of transition to DevSecOps), A. Ibrahim [30] (research and development of proposals for implementing DevSecOps in a modular solution (using cloud services) in DevOps-based digital production process), A. Landry [31] (analyzing the experience of implementing DevSecOps-based security tools and building an internal secure data transmission system in service communications for the US Department of Defense -DARPA Secure Handhelds on Assured Resilient networks at the tactical Edge (SHARE)), N. Harshitha [32] (analyzing the integration of DevSecOps security tools in Cloud Computing technologies), M. Orosz [33] (application of DevSecOps organizational and management system in the space industry), A. Schwan-Gijima [34] (information and analytical review regarding the device and methods for implementing DevSecOps security tools and blocks in software-digital production processes), Y. Malhotra [35] (study of the problems of implementing IaC, DevSecOps and MLops security tools in hybrid cloud computing with zero-trust beyond "lift and carry"), M. Ekoramaradhya [36] (study of the possibility of applying security tools for implementation in digital Internet of Things (IoT) protection protocols), allows to formulate a generalized system-wide view of the structure of the studied organizational and management system.…”

Secure Change Management Process: On the Effectiveness of DevSecOps