mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-28 07:14:05 -06:00
37 lines
1.5 KiB
Markdown
## Design and Practice of Security Architecture via DevSecOps Technology DOI:10.1109/ICSESS54813.2022.9930212
![[Screenshot from 2023-03-15 10-31-39.png]]
![[Screenshot from 2023-03-15 10-31-59.png]]

DevSecOps architecture design is divided into 10 phases.

DevSecOps architecture is designed to meet the international leading cloud native security 4C model (CNCF standard: cloud, cluster, container, code) and security development life cycle (Microsoft standard) evaluation system. Across the two areas of R&D performance and security, security is introduced into every stage of the R&D process (DORA Level 5 standard: Integrate security in the requirements, design, build, test, and deployment phases).

![[Screenshot from 2023-03-15 10-41-07.png]]
## Implementation of DevSecOps by Integrating Static and Dynamic Security Testing in CI/CD Pipelines DOI:10.1109/ICOSNIKOM56551.2022.10034883

https://github.com/lianahq/skinner ==> Python script named Skinner performs automated security testing with Burp Suite Pro on the GitLab CI pipeline using the DevSecOps implementation procedure.

## Challenges and solutions when adopting DevSecOps: A systematic review [https://doi.org/10.1016/j.infsof.2021.106700](https://doi.org/10.1016/j.infsof.2021.106700 "Persistent link using digital object identifier")
![[Screenshot from 2023-03-15 13-01-09.png]]

# Challenges About DevSecOps

![[Screenshot from 2023-03-15 13-41-20.png]]
![[Screenshot from 2023-03-15 14-49-53.png]]
![[Screenshot from 2023-03-15 14-50-13.png]]![[Screenshot from 2023-03-15 14-52-15.png]]