Adding security testing in DevOps software development with continuous integration and continuous delivery practices
Viitasuo, Ella (2020)
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020060316773
https://urn.fi/URN:NBN:fi:amk-2020060316773
Tiivistelmä
In Company X there was found a need for creating a starting point for security testing in software project. As modern software development is moving forwards DevOps and agile type of development this would need to be suitable for that. The aim was to develop a continuous integration and continuous delivery (CI/CD) pipeline to include security testing that could be adopted in DevOps software projects. The pipeline should advocate open source tools that could be accessible for most different size software development projects.
The idea of developing a CI/CD pipeline for modern software projects with integrated security testing came from acknowledging how security is often misunderstood as add-on feature in software instead of build in quality. Software is a huge part of modern society and many software stores and handles sensitive information. How to protect sensitive information, should be considered when designing the software.
Emphasizing the importance of starting security testing even with small software development projects and benefits it can offer, is one of the main elements of the thesis. This thesis discusses about understanding security awareness and small steps that could improve it in development process.
Adding small steps towards building more secure software does not require too much effort or money. Open source tools can offer starting point of understanding security better and developing more secure way of coding. Understanding most common vulnerabilities and how to identify them in the development phase should be standard and easily achievable mission in software development process.
The idea of developing a CI/CD pipeline for modern software projects with integrated security testing came from acknowledging how security is often misunderstood as add-on feature in software instead of build in quality. Software is a huge part of modern society and many software stores and handles sensitive information. How to protect sensitive information, should be considered when designing the software.
Emphasizing the importance of starting security testing even with small software development projects and benefits it can offer, is one of the main elements of the thesis. This thesis discusses about understanding security awareness and small steps that could improve it in development process.
Adding small steps towards building more secure software does not require too much effort or money. Open source tools can offer starting point of understanding security better and developing more secure way of coding. Understanding most common vulnerabilities and how to identify them in the development phase should be standard and easily achievable mission in software development process.