Automating Enterprise Security: Integrating DevSecOps into CI/CD Pipelines

Authors

  • Swetha Ravipudi, Zealtech Inc, USA
  • Kathiravan Thangavelu, Microsoft Corp, USA
  • Srinivasan Ramalingam, Highbrow Technology Inc, USA

Keywords:

DevSecOps, automated security, SonarQube, GitGuardian

Abstract

Integrating DevSecOps into the CI/CD pipeline is an evolutionary approach to enhancing enterprise security by inserting security measures directly into software development workflows. This paper explores how automated security scanning tools such as SonarQube, GitGuardian, and GitLeaks can be integrated into the CI/CD process of the software lifecycle to detect vulnerabilities.




Published

27-12-2021

How to Cite

[1] Swetha Ravipudi, Kathiravan Thangavelu, and Srinivasan Ramalingam, "Automating Enterprise Security: Integrating DevSecOps into CI/CD Pipelines", American J Data Sci Artif Intell Innov, vol. 1, pp. 31–68, Dec. 2021. Accessed: Mar. 07, 2026. [Online]. Available: https://ajdsai.org/index.php/publication/article/view/13