Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) 2021
DOI: 10.1145/3475716.3475776

An Empirical Analysis of Practitioners' Perspectives on Security Tool Integration into DevOps

Abstract: Background: Security tools play a vital role in enabling developers to build secure software. However, it can be quite challenging to introduce and fully leverage security tools without affecting the speed or frequency of deployments in the DevOps paradigm. Aims: We aim to empirically investigate the key challenges practitioners face when integrating security tools into a DevOps workflow in order to provide recommendations to overcome them. Method: We conducted a study involving 31 systematically selected webin…

Citations: Cited by 7 publications (6 citation statements)
References: 30 publications
“…Although the DevOps core ontology is being refined, many first categorisations, also known as pillars, have already existed. The exchange of information is another component in the relational alignment of IT and business [25].…”
Section: Research Model and Hypotheses Development (mentioning)
confidence: 99%
“…In light of the results presented by [25], it has been hypothesised that information sharing throughout the strategic alignment process might assist enterprises in developing a competitive advantage. Information sharing, including implicit and explicit domain knowledge, favours alignment performance.…”
Section: Research Model and Hypotheses Development (mentioning)
confidence: 99%
“…Rajapakse et al [6] investigated issues during the integration of security tools into a DevOps workflow by software practitioners. Heijstek [7] also mentioned that both IAST and RASP are emerging tools for secure DevOps and CI/CD environments.…”
Section: Comparing Static Application Security Testing (Sast) and Dyn... (mentioning)
confidence: 99%
“…IAST vulnerability detection tools inject code into, i.e., instrument, the executable form of the application, enabling the tool to scan the source code while also collecting dynamic information from real-time interactions with the application [4,5]. Similarly, Rajapakse et al [6] and Heijstek [7] noted that both IAST and RASP are emerging tools for secure DevOps and CI/CD environments and are not well investigated. On the other hand, RASP tools add another dimension of security to an application in the form of vulnerability exploitation prevention by detecting and blocking attacks happening in a real-time production environment.…”
Section: Introduction (mentioning)
confidence: 99%