Integrating Security into CI/CD Pipelines: A DevSecOps Approach with SAST, DAST, and SCA Tools

Naga Murali Krishna Koneru *

Accenture Solutions Pvt. Ltd., India.
 
Review
International Journal of Science and Research Archive, 2021, 03(01), 250-265.
Article DOI: 10.30574/ijsra.2021.3.1.0080
Publication history: Received on 17 June 2021; revised on 22 August 2021; accepted on 26 August 2021
 
Abstract:
Continuous Integration and Continuous Deployment (CI/CD) was rapidly adopted by the software development industry and turned delivery into a fast-paced process, which in turn generates new security risks. This paper explains how we support the implementation of DevSecOps through SDI (merging security into software development) within the CI/CD process by combining Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) tools. In this way, security checks keep pace with development speed, and vulnerabilities are detected before the development stage in which they are introduced ends. The research contributes evidence from production use cases to demonstrate the usefulness of SAST, DAST and SCA technologies in strengthening CI/CD pipeline security. These tools are deployed so that the application's security risks are exposed before its deployment dates, ensuring that the application upholds security standards across the development teams. Through DevSecOps, security is embedded into core development procedures and performed at each development stage rather than at the end. This transition improves risk reduction, trust levels and compliance standards, which are most critical in sectors that process sensitive information, such as retail and e-commerce. According to the research data, security protection must be in place before a product reaches the market, so that protection methods can be implemented according to industry standards and meet the requirements of protecting digital systems from new cyber threats and vulnerabilities in a dynamically changing digital environment.
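As an added illustration of the gating idea described in the abstract (this is not code from the paper or its author), the following Python script shows a pipeline security gate that consumes normalised SAST, DAST and SCA findings and fails the build when any finding meets its stage's severity threshold. The findings, the per-tool thresholds and the severity ranking are constructed assumptions.

```python
"""Pipeline security gate: fail the build when SAST/DAST/SCA findings
exceed policy thresholds (added example; not the paper's own code)."""
import sys
from collections import Counter

# Assumed severity ordering used to compare findings against thresholds.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Assumed policy: the minimum severity that blocks a build, per tool class.
# DAST runs later in the pipeline (it needs a running test instance), so a
# team may set a different threshold per stage; these values are illustrative.
POLICY = {"sast": "high", "sca": "high", "dast": "medium"}

# Constructed findings in a normalised shape (one dict per finding).
FINDINGS = [
    {"tool": "sast", "id": "sql-injection", "severity": "high", "location": "app/db.py:42"},
    {"tool": "sast", "id": "debug-enabled", "severity": "low", "location": "app/settings.py:7"},
    {"tool": "sca", "id": "vulnerable-dependency", "severity": "critical", "location": "requirements.txt"},
    {"tool": "dast", "id": "missing-csp-header", "severity": "medium", "location": "GET /"},
]


def blocking_findings(findings, policy):
    """Return the findings whose severity meets or exceeds their stage threshold."""
    out = []
    for f in findings:
        threshold = policy.get(f["tool"])
        if threshold is None:
            continue  # tool class not covered by this policy: not gated here
        if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold]:
            out.append(f)
    return out


def evaluate_gate(findings, policy=POLICY):
    """Summarise the gate decision: pass flag, count and breakdown per tool."""
    blocking = blocking_findings(findings, policy)
    return {
        "ok": not blocking,
        "blocking_count": len(blocking),
        "per_tool": dict(Counter(f["tool"] for f in blocking)),
        "blocking": blocking,
    }


if __name__ == "__main__":
    result = evaluate_gate(FINDINGS)
    for f in result["blocking"]:
        print(f"[{f['tool'].upper()}] {f['severity']:8} {f['id']} at {f['location']}")
    print("gate:", "PASS" if result["ok"] else "FAIL")
    sys.exit(0 if result["ok"] else 1)  # non-zero exit stops the pipeline stage
```

With the constructed findings the gate blocks on three of the four (the low-severity SAST finding passes), so the stage exits non-zero before any deployment step runs.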
 
Keywords:
CI/CD Pipelines; DevSecOps; SAST Tools; DAST Tools; SCA Tools; Retail & E-Commerce Security
 