Continuous integration and continuous deployment (CI/CD) are best practices for automating the software development process. Teams adopt them to ensure rapid iteration and delivery of product development. The rapid lifecycle exposes the lack of agility in traditional security management and makes it urgent to build security into DevOps processes. Development, security, and operations, abbreviated DevSecOps, advocates shift-left security, encourages teams to embed security best practices into every DevOps stage, and builds continuous security analysis, testing, and management through automation.
Based on CI/CD, this study defines continuous security practices and applies application security processes to a DevSecOps pipeline to implement shift-left security. The CodeHawk platform, built on the proposed secure pipeline and open source software, is developed to free the development team from manual testing, let them focus on development, provide the corresponding security assurance, and lower operating costs. Experiments show that our DevSecOps pipeline design significantly improves the efficiency of the DevSecOps process.
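As an added illustration of the automated gate such a pipeline depends on (example code written for this page, not the CodeHawk platform's code): a CI security stage consumes a scanner report, applies a severity policy together with a reviewed baseline of accepted findings, and blocks the build when any unaccepted finding meets the threshold. The report shape, tool name, rule ids, file paths and baseline below are all constructed, not the output of a real scanner.

```python
"""Severity gate for a shift-left CI security stage (added example).

A scanner runs earlier in the pipeline and writes a findings report; this
stage turns that report into a pass/fail decision so the build cannot
proceed with unaccepted high-severity findings. The report format is a
constructed minimal shape, not any real tool's output.
"""
import json
import sys
from dataclasses import dataclass, field

# Ordinal ranking so "fail on high" also fails on critical.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report; the tool name, rule ids and paths are hypothetical.
SAMPLE_REPORT = json.dumps({
    "tool": "example-sast",
    "findings": [
        {"rule": "SQLI-001", "severity": "high", "file": "app/db.py", "line": 42},
        {"rule": "HARDCODED-SECRET", "severity": "critical", "file": "app/config.py", "line": 7},
        {"rule": "WEAK-HASH", "severity": "medium", "file": "app/auth.py", "line": 88},
        {"rule": "DEBUG-ON", "severity": "low", "file": "app/settings.py", "line": 3},
    ],
})

# Constructed baseline: (rule, file) pairs that a risk review has explicitly
# accepted. Keeping this in version control makes every exception auditable.
SAMPLE_BASELINE = frozenset({("WEAK-HASH", "app/auth.py")})


@dataclass
class GateResult:
    passed: bool
    blocking: list = field(default_factory=list)   # unaccepted findings at/above threshold
    accepted: list = field(default_factory=list)   # findings suppressed by the baseline
    counts: dict = field(default_factory=dict)     # all findings by severity, for reporting


def evaluate_gate(report_json, fail_on="high", baseline=frozenset()):
    """Apply the policy: fail if any non-baselined finding is at or above fail_on."""
    findings = json.loads(report_json)["findings"]
    threshold = SEVERITY_RANK[fail_on]
    counts = {sev: 0 for sev in SEVERITY_RANK}
    blocking, accepted = [], []
    for finding in findings:
        sev = finding["severity"].lower()
        if sev not in SEVERITY_RANK:
            # Fail closed: an unknown severity must not silently pass the gate.
            raise ValueError(f"unknown severity {sev!r} in finding {finding}")
        counts[sev] += 1
        if (finding["rule"], finding["file"]) in baseline:
            accepted.append(finding)
            continue
        if SEVERITY_RANK[sev] >= threshold:
            blocking.append(finding)
    return GateResult(passed=not blocking, blocking=blocking,
                      accepted=accepted, counts=counts)


def format_summary(result):
    """Human-readable summary for the CI job log."""
    lines = ["security gate: " + ("PASS" if result.passed else "FAIL")]
    lines.append("findings by severity: " + ", ".join(
        f"{sev}={n}" for sev, n in result.counts.items() if n))
    for f in result.blocking:
        lines.append(f"  BLOCK {f['severity']:<8} {f['rule']} {f['file']}:{f.get('line', '?')}")
    for f in result.accepted:
        lines.append(f"  accepted (baseline) {f['rule']} {f['file']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # In a real pipeline the report path and threshold would come from the job
    # configuration; here the constructed sample is used.
    result = evaluate_gate(SAMPLE_REPORT, fail_on="high", baseline=SAMPLE_BASELINE)
    print(format_summary(result))
    sys.exit(0 if result.passed else 1)
```

The non-zero exit status is what makes the stage "shift-left" in practice: the pipeline runner treats it as a failed job, so a developer sees the blocking findings on the same change that introduced them rather than in a later audit. The baseline is deliberately keyed on rule and file rather than on line number, so an accepted finding survives unrelated edits to the same file.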