JISE




Journal of Information Science and Engineering, Vol. 39 No. 5, pp. 1117-1128


Microservices-based DevSecOps Platform using Pipeline and Open Source Software


WEN-TIN LEE+ AND ZHUN-WEI LIU
Department of Software Engineering and Management
National Kaohsiung Normal University
Kaohsiung, 80201 Taiwan
E-mail: {wtlee; 611077104}@mail.nknu.edu.tw


Continuous integration and continuous deployment (CI/CD) are best practices for automating the software development process. Teams leverage them to ensure rapid iteration and delivery in product development. This rapid lifecycle exposes the lack of agility in traditional security management and the urgent need to put security into DevOps processes. Development, security, and operations, referred to as DevSecOps, advocates shift-left security, encourages people to embed security best practices in all DevOps stages, and builds continuous security analysis, testing, and management with automation.
Based on CI/CD, this study defines continuous security practices and applies application security processes on a DevSecOps pipeline to implement shift-left security. The CodeHawk platform, based on the proposed secure pipeline and open source software, is developed to free the development team from testing manually, enable them to focus on development, gain the corresponding security assurance, and lower the operating costs. Experiments show that our DevSecOps pipeline design significantly improves the efficiency of the DevSecOps process.


Keywords: DevOps, DevSecOps, continuous integration, continuous delivery, security testing, open-source software
