Please use this identifier to cite or link to this item:
http://hdl.handle.net/10609/126766
Title: | DevSecOps: Implementación de seguridad en DevOps a través de herramientas open source |
Author: | Castro Sánchez, Jhon Edison |
Director: | Garcia-Font, Victor |
Tutor: | Guijarro, Jordi |
Abstract: | The last decade has seen a rise in the popularity of DevOps as a software-development method. This method is presented as a solution for businesses that seek shorter release cycles and large numbers of application or feature deployments, up to hundreds of times a week, without affecting quality. However, these changes come with the need to evolve the traditional security environment towards a faster one that is in line with these new practices without sacrificing protection. This work presents some open-source tools that serve as a basis for automating security checkpoints in the development and launch phases of the software. These tools include SAST, DAST, SCA, secret analysis, server hardening, Docker image verification, and infrastructure-as-code validation. In this work, a hardened Ubuntu 20.04 server operating system (OS) is obtained. A pipeline that meets the basic security criteria for a Node.js application is also presented. Along the same lines, other tools to be used according to the type of programming language are described. It is also found that the use of the pipeline created depends on the use case, the language and the business goals. Finally, future work focuses on creating pipelines for serverless applications, comparing tools for secret storage and management, unified threat management and alerting. |
Keywords: | DevSecOps; Open source; gitlab; SAST; DAST; SCA; automation; continuous integration |
Document type: | info:eu-repo/semantics/masterThesis |
Issue Date: | 29-Dec-2020 |
Publication license: | http://creativecommons.org/licenses/by-nc-nd/3.0/es/ |
Appears in Collections: | Trabajos finales de carrera, trabajos de investigación, etc. |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
jcastrosancheTFM1220memoria.pdf | Master's thesis (TFM) report | 4,37 MB | Adobe PDF | View/Open |
This item is licensed under a Creative Commons License