DeepAI AI Chat
Log In Sign Up

An Empirical Analysis of Practitioners' Perspectives on Security Tool Integration into DevOps

by   Roshan Namal Rajapakse, et al.
The University of Adelaide

Background: Security tools play a vital role in enabling developers to build secure software. However, it can be quite challenging to introduce and fully leverage security tools without affecting the speed or frequency of deployments in the DevOps paradigm. Aims: We aim to empirically investigate the key challenges practitioners face when integrating security tools into a DevOps workflow in order to provide recommendations to overcome them. Method: We conducted a study involving 31 systematically selected webinars on integrating security tools in DevOps. We used a qualitative data analysis method, i.e., thematic analysis, to identify the challenges and emerging solutions related to integrating security tools in rapid deployment environments. Results: We find that while traditional security tools are unable to cater for the needs of DevOps, the industry is moving towards new generations of tools that have started focusing on these requirements. We have developed a DevOps workflow that integrates security tools and a set of guidelines by synthesizing practitioners' recommendations in the analyzed webinars. Conclusion: While the latest security tools are addressing some of the requirements of DevOps, there are many tool-related drawbacks yet to be adequately addressed.


page 1

page 2

page 3

page 4


Challenges and solutions when adopting DevSecOps: A systematic review

Context: DevOps has become one of the fastest growing software developme...

Sonification in security operations centres: what do security practitioners think?

In Security Operations Centres (SOCs) security practitioners work using ...

SecDocker: Hardening the Continuous Integration Workflow

Current Continuous Integration processes face significant intrinsic cybe...

Capturing the Practices, Challenges, and Needs of Transportation Decision-Makers

Transportation decision-makers from government agencies play an importan...

Towards a Secure and Reliable IT-Ecosystem in Seaports

Digitalization in seaports dovetails the IT infrastructure of various ac...

Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices

Cloud-based application deployment is becoming increasingly popular amon...

Confidentiality and Integrity Mechanisms for Microservices Communication

The microservices architecture tries to deal with the challenges posed b...