Strategies For Implementing The Devsecops Approach Into The Agile Software Development Lifecycle

Diana Patricia  Gamba Alarcón

doi:10.22490/25394088.6720

Vol. 17 No. 2 (2023)

Published

2023-07-15

Pre-Print (Spanish)

PDF (Spanish)

Metrics

Metrics Loading ...

Strategies For Implementing The Devsecops Approach Into The Agile Software Development Lifecycle

DOI: https://doi.org/10.22490/25394088.6720

Section

Artículo teórico

Diana Patricia Gamba Alarcón Universidad Pedagógica y Tecnológica de Colombia

The aim is to generate a procedure for implementing DevSecOps in the early stages of the development life cycle for software projects that apply agile methodologies; to create fast and secure deliveries to minimize costs, save time and generate higher-quality products. The need arises because, in the field of software engineering, it is evident that security is not taken into account during the entire development life cycle but is usually left for the last stage, generating delays in the delivery of projects to the end user.

Devsecops, agile, shift left security, sdlc, quality, ic/dc

Akbar, M. A., Smolander, K., Mahmood, S., & Alsanad, A. (2022). Toward successful DevSecOps in software development organizations: A decision-making framework. Information and Software Technology, 147(October 2021), 106894. https://doi.org/10.1016/j.infsof.2022.106894

Amazon Web Services, I. (n.d.). Amazon SQS. https://aws.amazon.com/sqs/?nc1=h_ls

Apisec. (2022). Shift Left Security: The Ultimate Guide. https://www.apisec.ai/blog/shift-left-security#:~:text=Shifting left means integrating testing,in the lifecycle as possible

Aqua. (n.d.). “What is Shift Left Testing & Security?” https://www.aquasec.com/cloud-native-academy/devsecops/shift-left-devops/

Atlassian. (n.d.). Kubernetes vs. Docker. https://www.atlassian.com/microservices/microservices-architecture/kubernetes-vs-docker

Cynoteck. (2020). An Introduction to Security Testing. https://cynoteck.com/blog-post/introduction-to-security-testing/

Diaz Diaz, S. M. (2014). Pruebas de Seguridad en Aplicaciones Web como Imperativo en la Calidad de Desarrollo del Software. 8. https://www.unab.edu.co/sites/default/files/MemoriasGrabadas/papers/capitulo7_paper_13.pdf

Google Cloud. (n.d.-a). What are Containers? https://cloud.google.com/learn/what-are-containers

Google Cloud. (n.d.-b). What is Pub/Sub? https://cloud.google.com/pubsub/docs/overview

IBM - Deutschland | IBM. (n.d.). What is DevSecOps? https://www.ibm.com/cloud/learn/devsecops

ISTQB. (2018). Certified Tester Foundation Level Syllabus International Software Testing Qualifications Board. 96. https://www.istqb.org/downloads/send/51-ctfl2018/208-ctfl-2018-syllabus.html

Menejías García, Roberto; Hidalgo Reyes, Noel Harrinso; Marín Díaz, Aymara ; Trujillo Casañola, Y. (2021). Procedure for evaluating security of software products. Revista Cubana de Ciencias Informáticas, 15, 333–349. https://www.redalyc.org/journal/3783/378370462020/html/

Mishra, A., & Otaiwi, Z. (2020). DevOps and software quality: A systematic mapping. Computer Science Review, 38, 100308. https://doi.org/10.1016/j.cosrev.2020.100308

PORTAL ISO 25000. (n.d.). ISO 25010. https://iso25000.com/index.php/normas-iso-25000/iso- 25010

Redhat. (2021). Advantages of Kubernetes-native security. https://www.redhat.com/en/topics/containers/advantages-of-kubernetes-native-security

Ruparelia, N. B. (2010). Software development lifecycle models. ACM SIGSOFT Software Engineering Notes, 35(3), 8–13. https://doi.org/10.1145/1764810.1764814

Vijayakumar, K., & Arun, C. (2019). Continuous security assessment of cloud based applications using distributed hashing algorithm in SDLC. Cluster Computing, 22(s5), 10789–10800. https://doi.org/10.1007/s10586-017-1176-x

Gamba Alarcón, D. P. . (2023). Strategies For Implementing The Devsecops Approach Into The Agile Software Development Lifecycle. Publicaciones E Investigación, 17(2). https://doi.org/10.22490/25394088.6720

Download Citation

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

When the Publicaciones e Investigaciones Journal receives an original study or article from its author(s), whether by email, postal service, or the platforms available for said purpose, know that it may be published in physical or electronic formats in national or international archives, databases, or SIRES. As such, Publications and Research authorizes the reproduction and citation of said material, provided that the description of information is carried out in conformity with bibliographic norms, and mention the corresponding names, authors, article, issue, and pages. Publications and Research, in advance, expresses that the information, concepts, and methods are the responsibility of the author(s). As such, the UNAD does not have any influence whatsoever over that expressed in the manuscript.

Published

Strategies For Implementing The Devsecops Approach Into The Agile Software Development Lifecycle

Keywords