International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056 | p-ISSN: 2395-0072
Volume: 11 Issue: 05 | May 2024 | www.irjet.net
DEMYSTIFYING DEVSECOPS - SECURITY IN DEVOPS

Venkatesh Kunchenapalli
Wipro, USA

I. ABSTRACT

DevOps has evolved as a critical set of principles for software teams looking to improve collaboration and automation between development and IT operations [1]-[3]. However, many DevOps toolchains and procedures still need to address security concerns adequately [4]-[6]. This article examines the importance of tightly integrating security practices with DevOps, often known as DevSecOps, to shift security left in the software delivery lifecycle [7]-[9]. The article begins with an overview of DevOps and its benefits, followed by a review of important security vulnerabilities in DevOps systems [10]-[12]. It then expands on key DevSecOps principles and techniques, including security automation [13]-[15], infrastructure-as-code security [16]-[18], and shift-left testing [19]-[21]. It includes quantitative statistics on the ROI of DevSecOps adoption, which show dramatically improved release timelines [22]-[24], fewer breaches [25]-[27], and cost savings [28]-[30]. The standard bodies of knowledge and significant open-source and commercial solutions that can help enterprises transition to a DevSecOps model are highlighted [31]-[33]. The article finishes with ideas for maturity models and metrics to guide and track DevSecOps progress [34]-[36].

Keywords: DevSecOps, Security automation, Infrastructure-as-code (IaC) security, Vulnerable software components, CI/CD pipeline security
INTRODUCTION

DevOps has significantly increased business value by accelerating release velocity [37]-[39], improving team collaboration [40]-[42], and enhancing infrastructure scalability and resilience [43]-[45]. However, severe security flaws have arisen in many DevOps settings [46]-[48]. High-profile breaches at major companies like Equifax, JPMorgan Chase, and others have been linked to vulnerabilities caused by quick code updates [49]-[51], misconfigured cloud infrastructure [52]-[54], and a lack of security integration in CI/CD pipelines [55]-[57]. Figure 1 depicts a static image of DevSecOps.
© 2024, IRJET | Impact Factor value: 8.226 | ISO 9001:2008 Certified Journal | Page 806