Please use this identifier to cite or link to this item:
http://hdl.handle.net/10609/95987
| Title: | DevSecOps: integración de herramientas SAST, DAST y de análisis de Dockers en un sistema de integración continua |
| Author: | Caño Quintero, José Joaquín |
| Director: | Garcia-Font, Victor  |
| Tutor: | Canto Rodrigo, Pau del |
| Abstract: | This thesis emerge from the popularity increase of DevSecOps. DevSecOps integrates security in the DevOps process. The main objective of this thesis is the automation of security controls in certain phases of software development. To sum up, in this work will be automate: The static security tests (SAST) through software quality controls and dependency vulnerabilities checking. Dynamic security tests (DAST) through the dynamic analysis of a web application. Infrastructure security by analysing the CVE vulnerabilities of the Dockers images. To this aim, in this thesis have been developed three independent projects in Jenkins which automate each of the previous controls named and allow knowing both the quality of the software and the vulnerabilities in the dependencies, applications and in the infrastructure. In this thesis an extensive use of Dockers is made, from the use of Jenkins Docker to the use of the Dockers images of the different tools integrated. |
| Keywords: | automation DevSecOps computer security |
| Document type: | info:eu-repo/semantics/masterThesis |
| Issue Date: | 4-Jun-2019 |
| Publication license: | http://creativecommons.org/licenses/by-nc-nd/3.0/es/  |
| Appears in Collections: | Trabajos finales de carrera, trabajos de investigación, etc. |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| jjcquinteroTFM0619memoria.pdf | Memoria del TFM | 2,6 MB | Adobe PDF |  View/Open |
Share:
Google Scholar
Microsoft Academic
This item is licensed under a Creative Commons License
