Background: Security tools play a vital role in enabling developers to build
secure software. However, it can be quite challenging to introduce and fully
leverage security tools without affecting the speed or frequency of deployments
in the DevOps paradigm. Aims: We aim to empirically investigate the key
challenges practitioners face when integrating security tools into a DevOps
workflow in order to provide recommendations for overcoming the challenges.
Method: We conducted a study involving 31 systematically selected webinars on
integrating security in DevOps. We used a qualitative data analysis method,
i.e., thematic analysis, to identify and understand the challenges of
integrating security tools in DevOps. Results: We find that whilst traditional
security tools are unable to cater for the needs of DevOps, the industry is
developing and adopting new generations of security tools that have started
focusing on the needs of DevOps. We have developed a DevOps workflow that
integrates security tools and a set of guidelines by synthesizing
practitioners’ recommendations in the analyzed webinars. Conclusion: Whilst the
latest security tools are addressing some of the requirements of DevOps, there
are many tool-related drawbacks yet to be adequately addressed.

Go to Source of this post
Author Of this post: <a href="">Roshan Namal Rajapakse</a>, <a href="">Mansooreh Zahedi</a>, <a href="">Muhammad Ali Babar</a>

By admin