Containerised QA testing on Azure Public Cloud for Company X Oy
Ihuoma, Phineese Anthony (2025)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025100225488
https://urn.fi/URN:NBN:fi:amk-2025100225488
Tiivistelmä
This thesis examines the implementation of containerised QA testing on Azure Public Cloud for Company X Oy. The company, serving various clients, aims to enhance software development, resource allocation, and project management through containerisation. In this project the company remains anonymous for the protection of sensitive and private information. Containerisation provides consistent, scalable environments, improving collaboration and reducing redundancy.
This research puts DevSecOps principles into practice by embedding security across the entire software lifecycle, starting from design and build to deployment and monitoring. In this setup, Azure Kubernetes Service (AKS), GitHub Actions, and Azure Monitor tools play key roles in automating both testing and deployment. Security is built directly into the CI/CD pipelines using steps like policy enforcement, vulnerability scanning, and secret management. It became evident that by keeping QA environments isolated, the associated risks would be curtailed, thereby ensuring tests run more reliably.
Azure-native tools such as Key Vault, Defender for Cloud, and Azure Policy help secure configurations, manage secrets, and support compliance with governance and regulatory requirements. Combined with continuous monitoring, this container-based QA testing with an integrated DevSecOps model centralises policy control and access management, keeping applications secure and compliant during rapid development cycles.
The research involves designing and testing containerised QA environments, evaluating performance outcomes, and analysing how DevSecOps contributes to scalable and secure QA testing operations. By reducing manual intervention and embedding security automation, Company X Oy gains quality output. The findings provide practical insights for start-ups and small enterprises adopting cloud-based QA systems aligned with business goals and evolving security needs.
This research puts DevSecOps principles into practice by embedding security across the entire software lifecycle, starting from design and build to deployment and monitoring. In this setup, Azure Kubernetes Service (AKS), GitHub Actions, and Azure Monitor tools play key roles in automating both testing and deployment. Security is built directly into the CI/CD pipelines using steps like policy enforcement, vulnerability scanning, and secret management. It became evident that by keeping QA environments isolated, the associated risks would be curtailed, thereby ensuring tests run more reliably.
Azure-native tools such as Key Vault, Defender for Cloud, and Azure Policy help secure configurations, manage secrets, and support compliance with governance and regulatory requirements. Combined with continuous monitoring, this container-based QA testing with an integrated DevSecOps model centralises policy control and access management, keeping applications secure and compliant during rapid development cycles.
The research involves designing and testing containerised QA environments, evaluating performance outcomes, and analysing how DevSecOps contributes to scalable and secure QA testing operations. By reducing manual intervention and embedding security automation, Company X Oy gains quality output. The findings provide practical insights for start-ups and small enterprises adopting cloud-based QA systems aligned with business goals and evolving security needs.