Title: DevSecOps: integración de la seguridad en entornos CI/CD (DevSecOps: integrating security into CI/CD environments)
Author: Padrón Hernández, Juan Jesús
Director: García Font, Víctor
Tutor: Flores Terrón, Miguel Ángel
Keywords: security
Issue Date: Jun-2021
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: The DevOps culture and agile development methodologies have improved the software development flow, allowing the implementation of new functionalities in less time, a fundamental aspect to stand out in the market compared to other applications. However, the security of the developed software has often been sacrificed, because it has been considered a brake for the implementation of new features. The need to consider security in the DevOps culture while maintaining the agility of the development cycle has given rise to DevSecOps. The objective of this work is to automate security in the software development cycle following the DevSecOps culture. For this purpose, the project studies the existing continuous integration servers and security automation tools. GitHub Actions has been used to develop a continuous integration pipeline in which different security tests have been considered, including secrets scanning, Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and infrastructure security testing. Despite the limitations of this work, related to the lack of budget and not being able to test the product in a real environment, the results are useful for understanding the DevSecOps culture and its application in the enterprise environment. Future research should optimize the performance of the product obtained and include log management and monitoring tools, in order to control the operation of the software in production.
Language: Spanish
Appears in Collections: Bachelor thesis, research projects, etc.

Files in This Item:
File | Description | Size | Format
jjpadronhTFM0621memoria.pdf | TFM report | 1.62 MB | Adobe PDF

This item is licensed under a Creative Commons License.