Litcius/Paper detail

Implementation of DevSecOps by Integrating Static and Dynamic Security Testing in CI/CD Pipelines

Agung Maulana Putra, Herman Kabetta

202216 citationsDOI

Abstract

Problems at the build, test, and deploy stages are standard in the development lifecycle of systems with Agile. They are time-consuming and cause releases to fall behind schedule. DevSecOps provide the solution to this problem. This study delivers a build, test, and deployment automation solution for those working in an Agile SDLC environment. This study is an approach to implementing DevSecOps on an information system's Agile SDLC, a web-based software developed with the Node.js and Dart programming languages, Express.js, and Flutter frameworks. The process carried out in this study uses GitLab and Docker tools, consisting of five stages: continuous development, continuous testing, continuous integration, continuous deployment, and continuous monitoring. This approach shortens the time and streamlines the build, testing, and deployment, whereas previously, the process of system development was done manually. It took up to several hours to only take 3–4 minutes after automation was applied to the deployment process. In addition, we conduct a combination of automated static and dynamic security testing to help ensure the system's security by obtaining results related to vulnerabilities.

Topics & Concepts

Computer scienceSoftware deploymentAgile software developmentSoftware engineeringProcess (computing)Systems development life cycleAutomationSoftware development processScheduleEmbedded systemSoftware developmentSoftwareOperating systemEngineeringMechanical engineeringAdvanced Malware Detection TechniquesSoftware Engineering Techniques and PracticesSoftware Engineering Research
Implementation of DevSecOps by Integrating Static and Dynamic Security Testing in CI/CD Pipelines | Litcius