## Design and Practice if Security Architecture via DevSecOps Technology DOI:10.1109/ICSESS54813.2022.9930212


![[Screenshot from 2023-03-15 10-31-39.png]]

![[Screenshot from 2023-03-15 10-31-59.png]]

DevSecOps architecture design is  divided into 10 phases.

DevSecOps architecture is
designed to meet the international leading cloud native security
4C model (CNCF standard: cloud, cluster, container, code) and
security development life cycle (Microsoft standard) evaluation
system, across the two areas of R&D performance and security,
security is introduced into every stage of the R&D process
(DORA Level 5 standard: Integrate security in the
requirements, design, build, test, and deployment phases).

![[Screenshot from 2023-03-15 10-41-07.png]]

## Implementation of DevSecOps by Integrating Static and Dynamic Security Testing in CI/CD Pipelines DOI:10.1109/ICOSNIKOM56551.2022.10034883

https://github.com/lianahq/skinner ==> Python script named Skinner performs
automated security testing with Burp Suite Pro on the GitLab
CI pipeline using the DevSecOps implementation procedure.

## Challenges and solutions when adopting DevSecOps: A systematic review [https://doi.org/10.1016/j.infsof.2021.106700](https://doi.org/10.1016/j.infsof.2021.106700 "Persistent link using digital object identifier")



![[Screenshot from 2023-03-15 13-01-09.png]]
# Challanges About DevSecOps
![[Screenshot from 2023-03-15 13-41-20.png]]
![[Screenshot from 2023-03-15 14-49-53.png]]
![[Screenshot from 2023-03-15 14-50-13.png]]![[Screenshot from 2023-03-15 14-52-15.png]]