Academic literature on the topic 'CI/CD Security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'CI/CD Security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "CI/CD Security"
1
Ho-Dac, Hung, and Van-Len Vo. "An Approach to Enhance CI/CD Pipeline with Open-Source Security Tools." European Modern Studies Journal 8, no. 3 (July 30, 2024): 408–13. http://dx.doi.org/10.59573/emsj.8(3).2024.30.
Full textAbstract:
Continuous Integration (CI) and Continuous Deployment (CD) are important aspects in software engineering today. In modern software production organizational models, CI/CD pipeline has become a mandatory element to improve speed and reduce team effort in developing, integrating, and deploying. In the context of increasing information security risks, deploying security tools for the CI/CD pipeline has become an inevitable trend. Deploying information security tools throughout the pipeline according to the "Shift Left" philosophy will help detect information security issues early for timely handling and reduce correction costs. In this research, we present an approach to improve the CI/CD pipeline by integrating information security tools introduced by the Open Source Foundation for Application Security Project (OWASP). In addition, we also present trade-offs when implementing information security into the CI/CD pipeline.
2
Singh, Nikhil. "CI/CD Pipeline for Web Applications." International Journal for Research in Applied Science and Engineering Technology 11, no. 5 (May 31, 2023): 5218–26. http://dx.doi.org/10.22214/ijraset.2023.52867.
Full textAbstract:
Abstract: Modern organisation’s rapid pace of software development necessitates teams delivering high-quality software products faster than ever before. In order to accomplish this, software development teams are incorporating continuous integration and continuous deployment (CI/CD) methodologies into their software development processes. CI/CD pipelines are a set of practises and tools that allow teams to efficiently and reliably automate the development, testing, and deployment of software products. CI/CD pipelines have become an essential tool for teams delivering web applications at a faster pace while ensuring scalability, security, and performance in the context of web applications. This paper provides an overview of the best practises and tools for constructing a successful CI/CD pipeline for web applications. Version control, continuous integration, automated testing, deployment automation, monitoring, and logging are among the key steps covered in the paper. The paper also discusses the advantages and disadvantages of CI/CD pipelines, such as increased productivity, shorter time-to-market, fewer manual errors, and better collaboration between development and operations teams. Several case studies are included in the paperto demonstrate the effectiveness of CI/CD pipelines in web application development. The case studies cover a variety of web applications, such as e-commerce websites, social media platforms, and healthcare apps. Each case study provides practical insights into CI/CD pipeline implementation, including the tools and technologies used, the benefits realised, and the challenges encountered. The case studies also emphasise the importance of culture and collaboration in CI/CD pipeline implementation success. The paper also discusses the key tools and technologies used in web application CI/CD pipelines, such as Git, Jenkins, Docker, Kubernetes, and AWS. The paper provides an overview of these tools as well as their role in various stages of the CI/CD pipeline. The paper also discusses the importance ofsecurity in CI/CD pipelines, as well as an overview of the key security practices that must be implemented
3
Ameta, Upasana, and Ruchi Vyas. "Application Deployment Automation by Streamlining CI/CD Pipelines." Asian Journal of Engineering and Applied Technology 12, no. 1 (May 24, 2023): 23–27. http://dx.doi.org/10.51983/ajeat-2023.12.1.3598.
Full textAbstract:
Conceptualize a scenario where the development, actions, quality affirmation, and information surveillance teams collaborate with the product owners to guarantee that the organisation achieves its goals for profitability, security, and cost-cutting. Together, they achieve world-class stability, reliability, availability, and security while conducting multiple number of code deployments each day. This enables the quick progress of planned work into creation. The testing of apps and InfoSec operations only take place at the conclusion of a project when it is too late to make any corrections. Development and IT Operations are adversaries in our environment. If any problems are found, and nearly every important task requires excessive amounts of backbreaking labour and handoffs, keeping us waiting all the while. The work quality, particularly the deployment of product, is challenging and disordered as a result, which has an adverse effect on customers and the business. This not only adds to the extraordinarily long lead times for getting anything done. As a result, there is lack of goals, and the whole company is dissatisfied with developers’ performance, which leads to decrement in budget and frustrated workers feel incapable to modify the scenario and its results. The major objective is to build a platform for developers that can compile, test and run the application with the least specifications and configurations and also conceptualize the piece of deployment with a more relaxed architecture and a small learning period so that developers can take full advantage of multiple platforms available as a cloud service without any inconvenience.
4
Bhardwaj, Arvind Kumar, P. K. Dutta, and Pradeep Chintale. "Securing Container Images through Automated Vulnerability Detection in Shift-Left CI/CD Pipelines." Babylonian Journal of Networking 2024 (August 20, 2024): 162–70. http://dx.doi.org/10.58496/bjn/2024/016.
Full textAbstract:
Integrating shift-left security practices and automated vulnerability detection in container images is imperative for modern software development, given the dynamics and vulnerability landscape. This crucial methodology emphasizes security from the initial stages of integration in container-based environments like Docker and Kubernetes. The paper examines containerization security challenges, including image vulnerabilities, insecure configurations, runtime risks, weak orchestration security, and supply chain weaknesses, while stressing compliance with regulatory rules. It explores how this automated approach leverages vulnerability detection methods integrated into Continuous Integration/Continuous Deployment (CI/CD) pipelines through static and dynamic analyses, vulnerability databases, and policy-enforcement mechanisms. Beyond identifying vulnerabilities in CI/CD pipelines, the paper outlines methods to avoid policy violations, mitigate vulnerable images, and prevent recurring practices. Importantly, it underscores the continuous enforcement and remediation of policies and security standards. Security teams must invest efforts in developing policies, automated executions, and remediation procedures, fostering cross-departmental collaboration. In essence, this proactive stance aims to enhance software security, reduce risks, and improve adherence in containerized ecosystems, making it an indispensable component of modern software development.
5
Thatikonda, Vamsi Krishna. "Beyond the Buzz: A Journey Through CI/CD Principles and Best Practices." European Journal of Theoretical and Applied Sciences 1, no. 5 (September 1, 2023): 334–40. http://dx.doi.org/10.59324/ejtas.2023.1(5).24.
Full textAbstract:
Continuous Integration and Continuous Deployment (CI/CD) are pivotal in modern software development. Shifting from the classic waterfall models, the current age is dominated by Agile methodologies and DevOps practices. This article explores CI and CD's core principles, differences, and similarities. It touches upon essential techniques such as automation, ensuring consistency, and the importance of quick feedback mechanisms. Beyond these, the discussion extends to cutting-edge methods, infrastructure as code, potential security considerations, and monitoring within CI/CD environments. While CI/CD offers numerous benefits, it's essential to acknowledge its challenges, which necessitate attention and action. With an ever-evolving landscape featuring trends like AI/ML integration into CI/CD, businesses find themselves at a juncture where embracing and finetuning CI/CD is vital for competent software delivery.
6
Muñoz, Antonio, Aristeidis Farao, Jordy Ryan Casas Correia, and Christos Xenakis. "P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements." Information 12, no. 9 (August 31, 2021): 357. http://dx.doi.org/10.3390/info12090357.
Full textAbstract:
During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project’s source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology which is leveraged to ensure integrity preservation. We have implemented the P2ISE and quantitatively assessed its performance and efficiency.
7
Shanmukhi, Bhaskara Sahithi. "Implementing and Using CI/CD: Addressing Key Challenges Faced by Software Developers." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 008 (August 22, 2024): 1–3. http://dx.doi.org/10.55041/ijsrem37128.
Full textAbstract:
Software development teams that want to increase the calibre, dependability, and velocity of their software releases must implement continuous integration and delivery (CI/CD) techniques. Developers must now overcome several obstacles as a result of this shift, including the necessity to automate testing and deployment procedures, uphold strict version control, and promote cooperation between the development, testing, and operations teams. This article looks at the main obstacles that developers face when implementing and using CI/CD, and it does so by analysing case studies and current industry research to shed light on real-world obstacles and possible solutions. Keywords Continuous Integration (CI), Continuous Delivery (CD), Automation, Version Control, Security Challenges, Test Automation, Scalability, Integration Complexity, Tool Compatibility, System Design, Resource Management, Skill Gaps, Workflow Vulnerabilities.
8
Phani Monogya Katikireddi, Prudhvi Singirikonda, and Yeshwanth Vasa. "REVOLUTIONIZING DEVOPS WITH QUANTUM COMPUTING: ACCELERATING CI/CD PIPELINES THROUGH ADVANCED COMPUTATIONAL TECHNIQUES." Innovative Research Thoughts 7, no. 2 (June 30, 2021): 97–103. http://dx.doi.org/10.36676/irt.v7.i2.1482.
Full textAbstract:
Inframe to the CI/CD processes in DevOps Quantum computing is one of the most influential innovations since it can gain unique computational power and optimization benefits. This paper is a quantitative study exploring the extent of change that quantum computing brings to CI/CD pipelines using simulation analysis and real-time use case testing. The research shows improvements in computational speed, deployment speed, and resource utilization to support more reliable DevOps. Furthermore, real-life use cases that employ quantum computing to improve CI/CD processes regarding security and speed are also explained. However, as with any new technology, it is not without drawbacks, and this paper also explores the technological, integration, and skill-related concerns that limit quantum computing in today's DevOps landscape and offer tangible solutions.
9
Jayaprakash Malgund, Spoorthi, and Dr Sowmyarani C N. "AUTOMATING DEPLOYMENTS OF THE LATEST APPLICATION VERSION USING CI-CD WORKFLOW." International Journal of Engineering Applied Sciences and Technology 7, no. 5 (September 1, 2022): 99–103. http://dx.doi.org/10.33564/ijeast.2022.v07i05.017.
Full textAbstract:
The actions a developer should take to deploy a new version of a software product are essentially specified by a CI CD pipeline. The developer would still have to perform the same tasks manually, which is much less efficient if the pipeline is not automated. Thus, the steps listed below are experienced by most software releases. We give an overview of how a secure SDLC process, along with continuous integration and continuous deployment, is used to automate the deployment of a new version of an application. This allows software development teams to concentrate on meeting business requirements while ensuring code quality and software security.
10
Chandrasekhara Mokkapati, Shalu Jain, and Pandi Kirupa Gopalakrishna Pandian. "Implementing CI/CD in Retail Enterprises: Leadership Insights for Managing Multi-Billion Dollar Projects." Innovative Research Thoughts 9, no. 1 (March 30, 2023): 391–405. http://dx.doi.org/10.36676/irt.v9.i1.1458.
Full textAbstract:
In the fast-paced world of retail enterprises, the adoption of Continuous Integration and Continuous Deployment (CI/CD) has become a cornerstone for driving agility, innovation, and competitive advantage. This paper explores the critical leadership insights necessary for successfully managing CI/CD implementations in multi-billion-dollar retail projects. Retail enterprises face unique challenges, including complex legacy systems, diverse technology stacks, and the need for seamless integration across global operations. These complexities require a strategic approach to CI/CD that balances technical excellence with business objectives. Leadership plays a pivotal role in navigating these challenges, ensuring that CI/CD initiatives align with organizational goals while delivering tangible benefits such as reduced time-to-market, enhanced software quality, and improved customer experiences. Effective leadership in CI/CD implementation involves fostering a culture of collaboration, continuous learning, and resilience among cross-functional teams. Leaders must also champion the adoption of DevOps practices, which are essential for breaking down silos and promoting a unified approach to software development and operations. The paper delves into the key leadership competencies required for CI/CD success in large-scale retail environments. These include visionary thinking, change management, risk mitigation, and the ability to inspire and motivate teams amidst complex project dynamics. It also highlights the importance of aligning CI/CD strategies with broader digital transformation initiatives, ensuring that retail enterprises can adapt to evolving market demands while maintaining operational efficiency. Furthermore, the paper examines the role of technology in enabling CI/CD in retail enterprises. It discusses the selection of appropriate tools and platforms, the importance of automation in achieving scalability, and the need for robust monitoring and feedback mechanisms to ensure continuous improvement. Leaders must be adept at making informed decisions regarding technology investments, ensuring that CI/CD pipelines are resilient, secure, and capable of handling the scale and complexity of retail operations. One of the critical aspects of CI/CD implementation in retail enterprises is managing stakeholder expectations. Leaders must engage with stakeholders across various levels, including executives, IT teams, and business units, to build consensus and drive alignment. Clear communication, transparency, and a focus on measurable outcomes are essential for gaining stakeholder buy-in and ensuring the success of CI/CD initiatives. The paper also addresses the challenges and risks associated with CI/CD in multi-billion-dollar retail projects, such as the potential for disruption to existing operations, the complexities of integrating with legacy systems, and the need for robust security and compliance measures. Leadership must be proactive in identifying and mitigating these risks, ensuring that CI/CD initiatives are executed with minimal disruption to the business. Finally, the paper offers practical recommendations for retail leaders looking to implement CI/CD at scale. These include developing a clear roadmap for CI/CD adoption, investing in talent and training, and leveraging data-driven insights to continuously optimize processes. By embracing these strategies, retail enterprises can unlock the full potential of CI/CD, driving innovation, efficiency, and competitive advantage in a rapidly evolving market landscape.
Dissertations / Theses on the topic "CI/CD Security"
1
Persson, Simone. "List of Security Concerns within Continuous Software Evolution." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-254881.
Full textAbstract:
The amount of data being collected is increasing astronomically. Hence questions about privacy and data security are becoming more important than ever. A fast-changing culture is also reflected in the demands and requirements placed on software systems. Products and services need to evolve with the demands and feedback from customers to stay relevant on the market. Working methods and technologies have been refined to afford updating software continuously. However, rapidly changing software cause concern for the quality and level of security in the release. This thesis is a comprehensive literature study, reviewing the challenges of ensuring secure practises for continuously evolving software. The problem solved by the thesis is lack of an overall picture of the security concerns during continuous evolution. The findings are summarised in a checklist of areas of concern for security when maintaining and updating systems with continuous practises in cloud environments. This study shows that ensuring security, while delivering continuous releases, is a daunting task. It requires close collaboration between teams handling different aspects of software. This, in turn, entails a widening of competences to include knowledge about the work of other departments. It is concluded that personnel with this wide range of skill will be hard to acquire.I en tid då mängden data som samlas in om individer ökar i ohindrad takt, blir frågor om integritet och informationssäkerhet viktigare än någonsin. Kraven på snabb utveckling och förändring präglar även metoderna för mjukvaruutveckling. Produkter och tjänster måste konstant anpassas efter kundernas önskemål för att förbli relevant på marknaden. Arbetssätt och teknologier har utvecklats över tid för att möjliggöra mjukvara som uppdateras kontinuerligt. Konstant föränderlig mjukvara leder dock till oro för kvalitén och säkerheten av uppdateringarna. Den här uppsatsen är en litteraturstudie som undersöker utmaningarna att säkerställa säkerhet för mjukvara som uppdateras kontinuerligt. Problemet som löses genom studien är den saknade helhetsbilden av säkerhetsproblem vid kontinuerligt föränderlig mjukvara. Resultatet sammanfattas i en checklista för områden som väcker oro för säkerheten vid arbetssätt som tillåter kontinuerliga uppdateringar i moln-miljöer. Studien visar att leverera säkra lösningar kontinuerligt är en svår uppgift. Det kräver nära samarbete mellan team som sköter olika delar av mjukvaruutveckling. Detta fordrar vida kompetenser som inkluderar förståelse av varandras arbete. Att finna personal med tillräckligt vida kompetenser uppskattas vara problematiskt.
2
Moriconi, Florent. "Amélioration du cycle de développement logiciel via des approches basées sur les données." Electronic Thesis or Diss., Sorbonne université, 2024. http://www.theses.fr/2024SORUS164.
Full textAbstract:
Cette thèse explore les approches basées sur les données pour l'analyse automatique des causes profondes des échecs de construction dans les systèmes d'intégration continue et de déploiement continu (CI/CD), en se concentrant sur l'identification des échecs non déterministes, la localisation des messages de cause profonde dans les journaux de construction, et la caractérisation de la performance et de la sécurité des systèmes CI/CD. Basée sur des ensembles de données publics et industriels, nous explorons les propriétés des flux de travail CI/CD, telles que les temps d'exécution et les modèles d'échec. La recherche introduit l'utilisation du traitement du langage naturel (NLP) et des embeddings de graphes de connaissances (KGE) pour classifier les échecs de construction avec une précision de 94%. De plus, nous introduisons ChangeMyMind, une nouvelle méthode basée sur les réseaux neuronaux récurrents (RNNs) pour localiser avec précision les messages de cause profonde dans les journaux de construction sans étiquetage préalable des messages de cause profonde. Nous proposons X-Ray-TLS, une approche générique et transparente pour inspecter le trafic réseau chiffré TLS dans les environnements CI/CD. Enfin, la thèse revisite également les vulnérabilités de sécurité dans les systèmes CI/CD, démontrant le potentiel de compromissions à long terme indétectables. Ce travail a abouti à trois publications et deux soumissions en cours de révision, contribuant de manière significative à l'analyse et à l'optimisation des systèmes CI/CDThis thesis explores data-driven approaches for automated root cause analysis of CI/CD build failures, focusing on identifying non-deterministic failures, locating root cause messages in build logs, and characterizing CI/CD systems' performance and security. Grounded on public and industrial datasets, we explore CI/CD workflow properties, such as execution times and failure patterns. The research introduces the use of Natural Language Processing (NLP) and Knowledge Graphs Embeddings (KGE) for classifying build failures with a 94% accuracy. Additionally, we introduce ChangeMyMind, a new method based on Recurrent Neural Networks (RNNs) to accurately locate root cause messages in build logs without prior labeling of root cause messages. We propose X-Ray-TLS, a generic and transparent approach for inspecting TLS-encrypted network traffic in CI/CD environments. Finally, the thesis also revisits security vulnerabilities in CI/CD systems, demonstrating the potential for undetectable long-term compromises. This work has resulted in three publications and two under-review submissions, contributing significantly to CI/CD system analysis and optimization
3
Brás, André Emanuel Raínho. "Container security in CI/CD pipelines." Master's thesis, 2021. http://hdl.handle.net/10773/31292.
Full textAbstract:
The rising of the DevOps movement and the transition from a product economy
to a service economy drove significant changes in the software development
life cycle paradigm, among which the dropping of the waterfall in favor of
agile methods. Since DevOps is itself an agile method, it allows us to monitor
current releases, receiving constant feedback from clients, and improving
the next software releases. Despite its extraordinary development, DevOps
still presents limitations concerning security, which needs to be included in the
Continuous Integration or Continuous Deployment pipelines (CI/CD) used in
software development.
The massive adoption of cloud services and open-source software, the widely
spread containers and related orchestration, as well as microservice architectures,
broke all conventional models of software development. Due to these
new technologies, packaging and shipping new software is done in short periods
nowadays and becomes almost instantly available to users worldwide.
The usual approach to attach security at the end of the software development
life cycle (SDLC) is now becoming obsolete, thus pushing the adoption of DevSecOps
or SecDevOps, by injecting security into SDLC processes earlier
and preventing security defects or issues from entering into production.
This dissertation aims to reduce the impact of microservices’ vulnerabilities by
examining the respective images and containers through a flexible and adaptable
set of analysis tools running in dedicated CI/CD pipelines. This approach
intends to provide a clean and secure collection of microservices for later release
in cloud production environments. To achieve this purpose, we have
developed a solution that allows programming and orchestrating a battery of
tests. There is a form where we can select several security analysis tools, and
the solution performs this set of tests in a controlled way according to the defined
dependencies. To demonstrate the solution’s effectiveness, we program
a battery of tests for different scenarios, defining the security analysis pipeline
to incorporate various tools. Finally, we will show security tools working locally,
which subsequently integrated into our solution return the same results.A ascensão da estratégia DevOps e a transição de uma economia de produto para uma economia de serviços conduziu a mudanças significativas no paradigma do ciclo de vida do desenvolvimento de software, entre as quais o abandono do modelo em cascata em favor de métodos ágeis. Uma vez que o DevOps é parte integrante de um método ágil, permite-nos monitorizar as versões actuais, recebendo feedback constante dos clientes, e melhorando as próximas versões de software. Apesar do seu extraordinário desenvolvimento, o DevOps ainda apresenta limitações relativas à segurança, que necessita de ser incluída nas pipelines de integração contínua ou implantação contínua (CI/CD) utilizadas no desenvolvimento de software. A adopção em massa de serviços na nuvem e software aberto, a ampla difusão de contentores e respectiva orquestração bem como das arquitecturas de micro-serviços, quebraram assim todos os modelos convencionais de desenvolvimento de software. Devido a estas novas tecnologias, a preparação e expedição de novo software é hoje em dia feita em curtos períodos temporais e ficando disponível quase instantaneamente a utilizadores em todo o mundo. Face a estes fatores, a abordagem habitual que adiciona segurança ao final do ciclo de vida do desenvolvimento de software está a tornar-se obsoleta, sendo crucial adotar metodologias DevSecOps ou SecDevOps, injetando a segurança mais cedo nos processos de desenvolvimento de software e impedindo que defeitos ou problemas de segurança fluam para os ambientes de produção. O objectivo desta dissertação é reduzir o impacto de vulnerabilidades em micro-serviços através do exame das respectivas imagens e contentores por um conjunto flexível e adaptável de ferramentas de análise que funcionam em pipelines CI/CD dedicadas. Esta abordagem pretende fornecer uma coleção limpa e segura de micro-serviços para posteriormente serem lançados em ambientes de produção na nuvem. Para atingir este objectivo, desenvolvemos uma solução que permite programar e orquestrar uma bateria de testes. Existe um formulário onde podemos seleccionar várias ferramentas de análise de segurança, e a solução executa este conjunto de testes de uma forma controlada de acordo com as dependências definidas. Para demonstrar a eficácia da solução, programamos um conjunto de testes para diferentes cenários, definindo as pipelines de análise de segurança para incorporar várias ferramentas. Finalmente, mostraremos ferramentas de segurança a funcionar localmente, que posteriormente integradas na nossa solução devolvem os mesmos resultados.
Mestrado em Engenharia Informática
4
Zhygulskyy, Mykyta. "AUTOMATED, SCHEDULED AND CI /CD WEB INJECTION." Master's thesis, 2021. http://hdl.handle.net/10400.8/5786.
Full textAbstract:
This report is made within the Curricular Unit (UC) Project, in the 2nd year of
the Master in Cyber-security and Forensic Informatics (MCIF) provided by the
Polytechnic Institute of Leiria (IPL). The purpose of this project is to study SQL
Injection vulnerabilities in web applications. According to OWASP (Open Web
Application Security Project) [20][19], this is one of the more prevalent attacks on
web applications. As part of this work a web application was implemented, which
can from a URL address, go through all the endpoints of the target application
and test for SQL Injection vulnerabilities. The application also makes allows for
scheduling of the tests and it is integrable with Continuous Integration / Continuous
Delivery (CI/CD) environments. According to the literature on the subject, there
are several algorithms that can be employed to test for existing SQL Injection
vulnerabilities in a web application. In this document, we analyze them both from
a theoretical and an implementation point of view. In order to better understand
the subject, and produce a useful tool in this space. With the development of this
project, we concluded that it is possible to integrate SQL vulnerability tests, with
CI/CD pipeline and automate the development process of an application, with the
execution of SQL injection tests in an automated way.
Books on the topic "CI/CD Security"
1
Cherukuri, Sai Sravan. Securing the CI/CD Pipeline: Best Practices for DevSecOps. Bellevue Publishers, 2024.
Find full textBook chapters on the topic "CI/CD Security"
1
Dingare, Pranoday Pramod. "Managing Security with Jenkins." In CI/CD Pipeline Using Jenkins Unleashed, 55–67. Berkeley, CA: Apress, 2022. http://dx.doi.org/10.1007/978-1-4842-7508-5_7.
Full text
2
Dakic, Vedran, Jasmin Redzepagic, and Matej Basic. "CI/CD Toolset Security." In DAAAM Proceedings, 0161–64. DAAAM International Vienna, 2022. http://dx.doi.org/10.2507/33rd.daaam.proceedings.022.
Full text
3
Bobbert, Yuri, and Maria Chtepen. "Problems of CI/CD and DevOps on Security Compliance." In Strategic Approaches to Digital Platform Security Assurance, 256–85. IGI Global, 2021. http://dx.doi.org/10.4018/978-1-7998-7367-9.ch007.
Full textAbstract:
In this chapter, the authors define the main problems when working on products in DevOps Teams and on CI/CD pipelines with regard to security and risk management. It focusses on the regulatory requirements and cyberthreats that have impact on organisations. Regulator requirements vary from industry and country. Working with multiple teams on products requires proper alignment in frameworks, controls, and architecture principles in order to be end-to-end protected throughout the connected platforms. This chapter examines the multiple compliance frameworks and architectural principles that can be applied to agile way of working and more precise to CICD pipelines. It defines the main problem statement and questions the authors wanted to answer. The authors looked with a lens of regulated industry since this industry suffers the most and therefore has the biggest benefit from this research project.
4
Nanda, Ashok Kumar, Abhishek Sharma, P. John Augustine, B. Rex Cyril, Venneti Kiran, and Boopathi Sampath. "Securing Cloud Infrastructure in IaaS and PaaS Environments." In Improving Security, Privacy, and Trust in Cloud Computing, 1–33. IGI Global, 2024. http://dx.doi.org/10.4018/979-8-3693-1431-9.ch001.
Full textAbstract:
Cloud computing has revolutionized IT infrastructure deployment and management, but it also presents security and resilience challenges. The study delves into the principles and strategies of cloud security to safeguard cloud environments and guarantee business continuity. It explains the concepts of infrastructure as a service (IaaS) and platform as a service (PaaS), their benefits and challenges, and the complex web of security principles within the cloud, including the shared responsibility model, best practices, and identity and access management. The guide explores cloud threats, focusing on common threats and emerging trends. It covers data security, network security measures, and security monitoring. It emphasizes integrating security into DevOps, securing CI/CD pipelines, and infrastructure as code (IaC) security. It covers disaster recovery, business continuity, cloud backup strategies, high availability, and cloud-based solutions, enabling organizations to effectively manage cloud security and resilience.
5
Bobbert, Yuri, and Maria Chtepen. "Research Findings in the Domain of CI/CD and DevOps on Security Compliance." In Strategic Approaches to Digital Platform Security Assurance, 286–307. IGI Global, 2021. http://dx.doi.org/10.4018/978-1-7998-7367-9.ch008.
Full textAbstract:
This chapter studies the mapping of governance and security control objectives impacted by DevOps to the corresponding DevOps control objectives. These DevOps objectives introduce either an opportunity or a risk for the achievement of the security and governance control objectives. Finally, the artifact defines a list of SecDevOps controls that have proven to be effective in combining the agility of the DevOps paradigm with the security compliance assurance. The authors examine in collaboration with experts the multiple frameworks to be suitable. The authors define SecDevOps controls that have proven to be effective in combining the agility of the DevOps paradigm with the security compliance assurance. To design this artefact, four widely-used frameworks/standards (COBIT 5, NIST cybersecurity framework, NIST SP 800-53, and ISO 27002) were reviewed for sufficiently detailed security and privacy control objectives and controls. Based on these criteria, NIST SP 800-53 and ISO 27002 standards were selected for comparison and mapping with (Sec)DevOps controls in this research.
6
Bobbert, Yuri, and Maria Chtepen. "Findings and Core Practices in the Domain of CI/CD and DevOps on Security Compliance." In Strategic Approaches to Digital Platform Security Assurance, 308–13. IGI Global, 2021. http://dx.doi.org/10.4018/978-1-7998-7367-9.ch009.
Full textAbstract:
In this chapter, the authors describe the findings and conclusions on “The SecDevOps Capability Artifact.” It is validated by means of an extensive academic literature review and interviews with multiple domain experts and practitioners. An additional validation was performed by comparing the findings of this study with high-level implementation and operational guidance of the DoD enterprise DevSecOps reference design report. The report has as a purpose to describe the DevSecOps lifecycle and supporting pillars, in line with NIST cybersecurity framework, which is a high-level framework building upon specific controls and processes defined by NIST SP 800-53, COBIT 5, and ISO 27000 series. This chapter is concluded with a pragmatic set of core practices academics, and practitioners can use them to ensure security compliance in CI/CD pipelines that ultimately enable teams to work agile on digital platforms.
7
Eigenbrode, Shelbee, and Suheil Nassar. "Design and Implementation of Service Management in DevOps Enabled Cloud Computing Models." In Handbook of Research on End-to-End Cloud Computing Architecture Design, 326–47. IGI Global, 2017. http://dx.doi.org/10.4018/978-1-5225-0759-8.ch014.
Full textAbstract:
This chapter examines the importance of including value-add service management practices early in the Continuous Integration/Continuous Delivery (CI/CD) pipeline. The authors will also address the importance of establishing a balance between the development and delivery of features with the development and delivery of practices that support overall infrastructure and service management capabilities. Without fully encompassing all of these practices, the DevOps benefits of reducing time-to-market for a set of features can be negated by a potential increase in security exposures as well as overall quality issues. Within this chapter, several key service management practices are identified as well as the importance of fully incorporating those practices into a DevOps adoption.
Conference papers on the topic "CI/CD Security"
1
Shevchuk, Ruslan, Mikolaj Karpinski, Mykhailo Kasianchuk, Ihor Yakymenko, Andriy Melnyk, and Roman Tykhyi. "Software for Improve the Security of Kubernetes-based CI/CD Pipeline." In 2023 13th International Conference on Advanced Computer Information Technologies (ACIT). IEEE, 2023. http://dx.doi.org/10.1109/acit58437.2023.10275654.
Full text
2
Marandi, Manohar, A. Bertia, and Salaja Silas. "Implementing and Automating Security Scanning to a DevSecOps CI/CD Pipeline." In 2023 World Conference on Communication & Computing (WCONF). IEEE, 2023. http://dx.doi.org/10.1109/wconf58270.2023.10235015.
Full text
3
Rangnau, Thorsten, Remco v. Buijtenen, Frank Fransen, and Fatih Turkmen. "Continuous Security Testing: A Case Study on Integrating Dynamic Security Testing Tools in CI/CD Pipelines." In 2020 IEEE 24th International Enterprise Distributed Object Computing Conference (EDOC). IEEE, 2020. http://dx.doi.org/10.1109/edoc49727.2020.00026.
Full text
4
Putra, Agung Maulana, and Herman Kabetta. "Implementation of DevSecOps by Integrating Static and Dynamic Security Testing in CI/CD Pipelines." In 2022 IEEE International Conference of Computer Science and Information Technology (ICOSNIKOM). IEEE, 2022. http://dx.doi.org/10.1109/icosnikom56551.2022.10034883.
Full textReports on the topic "CI/CD Security"
1
D'Onofrio, Dominic. CI/CD Pipeline and DevSecOps Integration for Security and Load Testing. Office of Scientific and Technical Information (OSTI), August 2023. http://dx.doi.org/10.2172/2430395.
Full text
2
Chandramouli, Ramaswamy. Strategies for Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. Gaithersburg, MD: National Institute of Standards and Technology, 2023. http://dx.doi.org/10.6028/nist.sp.800-204d.
Full text