Please use this identifier to cite or link to this item:
http://hdl.handle.net/10609/132367
Title: | DevSecOps: integración de la seguridad en entornos CI/CD |
Author: | Padrón Hernández, Juan Jesús |
Tutor: | Flores Terrón, Miguel Ángel |
Others: | Garcia-Font, Victor |
Abstract: | The DevOps culture and agile development methodologies have improved the software development flow, allowing the implementation of new functionalities in less time, a fundamental aspect to stand out in the market compared to other applications. However, the security of the developed software has often been sacrificed, because it has been considered a brake for the implementation of new features. The need to consider security in the DevOps culture while maintaining the agility of the development cycle has given rise to DevSecOps. The objective of this work is to automate security in the software development cycle following the DevSecOps culture. For this purpose, the project studies the existing continuous integration servers and security automation tools. GitHub Actions has been used to develop a continuous integration pipeline in which different security tests have been considered, including secrets scanning, Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and infrastructure security testing. Despite the limitations of this work, related to the lack of budget and not being able to test the product in a real environment, the results are useful for understanding the DevSecOps culture and its application in the enterprise environment. Future research should optimize the performance of the product obtained and include log management and monitoring tools, in order to control the operation of the software in production. |
Keywords: | security DevSecOps CI/CD |
Document type: | info:eu-repo/semantics/masterThesis |
Issue Date: | Jun-2021 |
Publication license: | http://creativecommons.org/licenses/by-nc-nd/3.0/es/ |
Appears in Collections: | Trabajos finales de carrera, trabajos de investigación, etc. |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
jjpadronhTFM0621memoria.pdf | Memoria del TFM | 1,62 MB | Adobe PDF | View/Open |
Share:
This item is licensed under a Creative Commons License