SecDocker: Hardening the Continuous Integration Workflow

Current Continuous Integration (CI) processes face significant intrinsic cybersecurity challenges. The goal is not only to meet and test the formal or regulatory security requirements of source code but also to apply the same principles to the CI pipeline itself. This paper presents an overview of current security issues in the CI workflow. It then designs, develops, and deploys a new tool for the secure deployment of a container-based CI pipeline flow without slowing down release cycles. The tool, called SecDocker for its Docker-based approach, is publicly available on GitHub. It implements a transparent application firewall based on a configuration mechanism, which avoids issues in the CI workflow associated with intended or unintended container configurations. Integrated with other tools used by DevOps engineers, it provides feedback only from those scenarios that match specific patterns, addressing future container security issues.

