DevSecOps: A Multivocal Literature Review
@inproceedings{Myrbakken2017DevSecOpsAM, title={DevSecOps: A Multivocal Literature Review}, author={H{\aa}vard Myrbakken and Ricardo Colomo Palacios}, booktitle={SPICE}, year={2017} }
Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study is meant to give an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps and the challenges an organization faces when doing so. To that end, we conducted a multivocal…
77 Citations
Security as Culture: A Systematic Literature Review of DevSecOps
- Computer Science
- ICSE
- 2020
DevOps goes beyond automation, continuous integration and delivery processes, since it also encompasses people. In fact, DevOps promotes the collaboration between the development team and the…
Best Practices for Ensuring Security in DevOps: A Case Study Approach
- Computer Science
- Journal of Physics: Conference Series
- 2021
The research serves to find out the best practices that could be implemented to enhance security in DevSecOps to provide best practices covering all the aspects of DevOps.
Preliminary Findings about DevSecOps from Grey Literature
- Computer Science
- 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)
- 2020
The goal of this study is to report the state of the practice of DevSecOps as well as calling for academia to pay more attention to DevSecOps, which is still in its infancy.
Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE
- Computer Science, Business
- IEEE Access
- 2020
The study results will assist the practitioners to remove the uncertainty and vagueness in the opinion of DevOps experts to secure DevOps implementation for better and continuous software development process.
Effective DevSecOps Implementation: A Systematic Literature Review
- Computer Science
- Revista Gestão Inovação e Tecnologias
- 2021
This paper outlines methods of effectively implementing DevSecOps as described in academic literature and uses a grounded theory approach to do a systematic literature review of academic literature to find the factors that contribute to an effective DevSecOps implementation.
Challenges and solutions when adopting DevSecOps: A systematic review
- Computer Science
- Inf. Softw. Technol.
- 2022
Problems of CI/CD and DevOps on Security Compliance
- Computer Science
- 2021
This chapter examines the multiple compliance frameworks and architectural principles that can be applied to agile way of working and more precise to CICD pipelines and focuses on the regulatory requirements and cyberthreats that have impact on organisations.
Migration From DevOps to DevSecOps: A Complete Migration Framework, Challenges, and Evaluation
- Computer Science
- Int. J. Cloud Appl. Comput.
- 2022
This paper introduces a complete migration framework from DevOps to DevSecOps and identifies the attributes on which the migration framework can be evaluated.
Dealing with Security in a Real DevOps Environment
- Computer Science, Political Science
- EuroSPI
- 2019
This paper provides a DevOps approach for managing security measures along the DevOps pipeline based on source code analysis at the integration phase, and it is an initial step for injecting security along the DevOps process.
Weaving Security into DevOps Practices in Highly Regulated Environments
- Computer Science
- Int. J. Syst. Softw. Secur. Prot.
- 2018
This work is based on the authors' extensive experience in assessing and implementing DevOps across a diverse set of HREs and refers to a security enhanced DevOps implementation in an HRE as HRE-DevSecOps.
References
SHOWING 1-10 OF 69 REFERENCES
SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps
- Computer Science
- 2016 11th International Conference on Availability, Reliability and Security (ARES)
- 2016
The literature from academia and industry is surveyed to identify the main aspects of DevOps and SecDevOps and believe that the terms are not buzzwords, they imply important challenges that the security and software communities shall address to help organizations develop secure software while applying DevOps processes.
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Practices
- Computer Science
- 2016 IEEE/ACM International Workshop on Continuous Software Evolution and Delivery (CSED)
- 2016
The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment by analyzing a selected set of Internet artifacts.
Characterizing DevOps by Hearing Multiple Voices
- Computer Science
- SBES '16
- 2016
A Multivocal Literature Review aiming at characterizing DevOps in multiple perspectives, including data sources from technical and gray literature, and identifying its recurrent principles, practices, required skills, potential benefits, challenges and what motivates the organizations to adopt it is performed.
DevOps: Making It Easy to Do the Right Thing
- Education
- IEEE Software
- 2016
Wotif Group used DevOps principles to recover from the downward spiral of manual release activity that many IT departments face and drastically improved the average release cycle time.
Continuous software engineering: A roadmap and agenda
- Computer Science
- J. Syst. Softw.
- 2017
Continuous deployment of software intensive products and services: A systematic mapping study
- Computer Science
- J. Syst. Softw.
- 2017
Continuous software engineering—A microservices architecture perspective
- Computer Science
- J. Softw. Evol. Process.
- 2017
An emerging approach to software development, continuous software engineering (CSE), wherein software of operational quality may be delivered on a very frequent basis, up to many times in a given day, is discussed.
On the journey to continuous deployment: Technical and social challenges along the way
- Business, Computer Science
- Inf. Softw. Technol.
- 2015
Modeling continuous integration practice differences in industry software development
- Computer Science
- J. Syst. Softw.
- 2014
Modern DevOps: Optimizing software development through effective system interactions
- Engineering, Computer Science
- 2014 IEEE International Professional Communication Conference (IPCC)
- 2014
A generalized model of DevOps will be presented and analyzed, offering a formalization of the communications and actors requisite to any effective software development process, and further developed to illustrate the information flow between human and system actors.