Corpus ID: 233289821

SecDocker: Hardening the Continuous Integration Workflow

@article{Gonzalez2021SecDockerHT,
  title={SecDocker: Hardening the Continuous Integration Workflow},
  author={David Fern'andez Gonz'alez and F. R. Lera and Gonzalo Esteban and C. F. Llamas},
  journal={ArXiv},
  year={2021},
  volume={abs/2104.07899}
}
Current Continuous Integration processes face significant intrinsic cybersecurity challenges. The idea is not only to solve and test formal or regulatory security requirements of source code but also to adhere to the same principles to the CI pipeline itself. This paper presents an overview of current security issues in CI workflow. It designs, develops, and deploys a new tool for the secure deployment of a container-based CI pipeline flow without slowing down release cycles. The tool, called… Expand

Figures and Tables from this paper

References

SHOWING 1-10 OF 24 REFERENCES
Docker ecosystem - Vulnerability Analysis
CIS docker community edition benchmark
  • PDF. URL https://www. cisecurity.org/benchmark/docker. Available online March,
  • 2021
Ranks, P.: DoD enterprise DevSecOps reference design version 1.0. Tech. rep., Department of Defense, Chief Information Officer (2019)
  • URL https://dodcio.defense.gov/Portals/0/Documents/ DoDEnterpriseDevSecOpsReferenceDesignv1.0_PublicRelease.pdf. Available online March,
  • 2021
A Survey of DevOps Concepts and Challenges
UBCIS: Ultimate Benchmark for Container Image Scanning
Continuous software engineering: A roadmap and agenda
DevOps: Concepts, Practices, Tools, Benefits and Challenges
Trade-offs in continuous integration: assurance, security, and flexibility
Container and Microservice Driven Design for Cloud Infrastructure DevOps
...
1
2
3
...