Security Tools in DevSecOps: A Systematic Literature Review
2022 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Alternative title
Säkerhetsverktyg i DevSecOps : En systematisk litteraturöversikt (Swedish)
Abstract [en]
DevSecOps emerged to mitigate the challenges of integrating security into DevOps. DevOps has grown tremendously, leading to difficulties in integrating security tools into its development process while maintaining speed and agility. This study aims to investigate the security tools in DevSecOps and how they have been reported in previous literature. The main objective of this study is to provide a knowledge base concerning security tools in DevSecOps that can be used to mitigate challenges regarding the selection and use of security tools in the context of DevSecOps. A systematic literature review was adopted for the research. The study collected a total of 228 studies published between 2015 and 2022; fourteen of these papers were selected to be used for data extraction after conducting a thorough review protocol.
This study has identified thirteen security tool categories used or recommended to be used in DevSecOps. These tools have been structured into seven phases of the development process and five security practices. Additionally, this study has identified twelve drawbacks and sixteen recommendations concerning the use of these security tools in DevSecOps.
The security tool categories, recommendations, and drawbacks identified in this study could potentially be used to mitigate the challenges of selecting and using security tools in DevSecOps and similar methodologies that rely on automation and delivering software frequently.
Place, publisher, year, edition, pages
2022, p. 59
Keywords [en]
DevSecOps, DevOps, Security Tools, SDLC phases, Shift Security to the Left, Continuous Security, Automation, Systematic Literature Review
Keywords [sv]
DevSecOps, DevOps, Säkerhetsverktyg, SDLC-faser, Skift säkerhet till vänster, Kontinuerlig säkerhet, Automation, Systematisk litteraturgranskning
National Category
Other Engineering and Technologies not elsewhere specified
Identifiers
URN: urn:nbn:se:lnu:diva-118400
OAI: oai:DiVA.org:lnu-118400
DiVA, id: diva2:1727554
Subject / course
Computer Science; Computer Science
Educational program
Software Development and Operations, 180 credits; Software Engineering Programme, 180 credits
Presentation
2022-09-09, 09:45 (Swedish)
2023-01-16, 2023-01-16, 2023-01-16. Bibliographically approved