Authors: Nikolov, L. A., Aleksieva-Petrova, A. P.
Title: Action Research on the DevSecOps Pipeline
Keywords: DevSecOps, DAST, SAST, Threat Modeling

Abstract: In this paper, we explore the symbiotic relationship between automation and human expertise, highlighting how DevSecOps methodologies facilitate early detection and mitigation of vulnerabilities, thus fortifying the overall software security posture. By examining the cultural shifts required to embrace DevSecOps within organizations, we shed light on the collaborative and agile mindset necessary for successful implementation. Moreover, this paper elucidates the advancements in tooling and technologies that have accelerated the adoption of DevSecOps, including containerization, orchestration, and cloud-native architectures. We also explore the challenges and limitations practitioners face when adopting DevSecOps practices, encompassing threat modeling, secure coding practices, and regulatory compliance. The paper establishes DevSecOps as a dynamic and evolving discipline at the intersection of development, security, and operations, shaping the future of software security by embracing s

References

    Issue

    , 2023, Bulgaria, IEEE Xplore

    Copyright IEEE Xplore

    Type: publication in an international forum, publication in a refereed edition, indexed in Scopus