Please use this identifier to cite or link to this item:
Title: DevSecOps: integración de herramientas SAST, DAST y de análisis de Dockers en un sistema de integración continua
Author: Caño Quintero, José Joaquín
Director: García Font, Víctor
Tutor: Canto Rodrigo, Pau del
Keywords: automation
computer security
Issue Date: 4-Jun-2019
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: This thesis emerge from the popularity increase of DevSecOps. DevSecOps integrates security in the DevOps process. The main objective of this thesis is the automation of security controls in certain phases of software development. To sum up, in this work will be automate: The static security tests (SAST) through software quality controls and dependency vulnerabilities checking. Dynamic security tests (DAST) through the dynamic analysis of a web application. Infrastructure security by analysing the CVE vulnerabilities of the Dockers images. To this aim, in this thesis have been developed three independent projects in Jenkins which automate each of the previous controls named and allow knowing both the quality of the software and the vulnerabilities in the dependencies, applications and in the infrastructure. In this thesis an extensive use of Dockers is made, from the use of Jenkins Docker to the use of the Dockers images of the different tools integrated.
Language: Spanish
Appears in Collections:Bachelor thesis, research projects, etc.

Files in This Item:
File Description SizeFormat 
jjcquinteroTFM0619memoria.pdfMemoria del TFM2.6 MBAdobe PDFView/Open

This item is licensed under a Creative Commons License Creative Commons