Abstract: Background: Security tools play a vital role in enabling developers to build secure software. However, it can be quite challenging to introduce and fully leverage security tools without affecting the speed or frequency of deployments in the DevOps paradigm. Aims: We aim to empirically investigate the key challenges practitioners face when integrating security tools into a DevOps workflow in order to provide recommendations to overcome them. Method: We conducted a study involving 31 systematically selected webin…
“…Although the DevOps core ontology is being refined, many first categorisations, also known as pillars, have already existed. The exchange of information is another component in the relational alignment of IT and business [25].…”
Section: Research Model and Hypotheses Development (mentioning)
confidence: 99%
“…In light of the results presented by [25], it has been hypothesised that information sharing throughout the strategic alignment process might assist enterprises in developing a competitive advantage. Information sharing, including implicit and explicit domain knowledge, favours alignment performance.…”
Section: Research Model and Hypotheses Development (mentioning)
confidence: 99%
“…However, according to previous research, DevOps and IT alignment may both benefit from the structural idea of continuous improvement. [21] [25]. Additionally, to reach greater degrees of business-IT alignment maturity, it is vital for both IT and business to engage in continual improvement [25].…”
“…Rajapakse et al [6] investigated issues during the integration of security tools into a DevOps workflow by software practitioners. Heijstek [7] also mentioned that both IAST and RASP are emerging tools for secure DevOps and CI/CD environments.…”
Section: Comparing Static Application Security Testing (Sast) and Dyn... (mentioning)
confidence: 99%
“…IAST vulnerability detection tools inject code into, i.e., instrument, the executable form of the application, enabling the tool to scan the source code while also collecting dynamic information from real-time interactions with the application [4,5]. Similarly, Rajapakse et al [6] and Heijstek [7] noted that both IAST and RASP are emerging tools for secure DevOps and CI/CD environments and are not well investigated. On the other hand, RASP tools add another dimension of security to an application in the form of vulnerability exploitation prevention by detecting and blocking attacks happening in a real-time production environment.…”