ANALYSIS OF DEVSECOPS METHODOLOGY IN SOFTWARE DEVELOPMENT PROCESSES
| Autor: | Viktor Alexeevich Guzhva, Valeriy Yuriyovich Volovshchykov, Andrii Oleksandrovich Hapon, Volodymyr Mykolayovych Fedorchenko, Andrii Oleksandrovich Polyakov |
|---|---|
| Rok vydání: | 2020 |
| Předmět: | |
| Zdroj: | Вісник Національного технічного університету "ХПІ": Серія: Системний аналiз, управління та iнформацiйнi технологiї, Vol 0, Iss 1 (3), Pp 68-73 (2020) |
| ISSN: | 2410-2857 2079-0023 |
| Popis: | The subject of this research is the software development and protection methodology within DevSecOps. This methodology has changed the approach to ensuring security from reactive to proactive, and also emphasizes the importance of security at all levels of the organization. DevSecOps means providing security in application development from the earliest stages to the very end, and also includes automating some security gateways to prevent DevOps from slowing down the workflow. It is necessary to maintain short and frequently repeated cycles of software product development, as well as integrate security measures. Choosing the right tools for continuous security integration can help achieve these goals. Modern automation tools have helped organizations implement more flexible development methods, and also played a role in the development of new security measures. Effective protection of DevOps requires not only new tools, but also changes in the organization of DevOps processes in order to quickly integrate the work of security teams with other specialists, which will improve the quality of the product. The article is devoted to a detailed analysis of modern approaches and methodologies for systematizing software development and protection, including SDLC, BSIMM and OpenSAMM. The purpose of the work is the classification of approaches to the construction of DevSecOps processes, as well as the consideration of systematization methodologies for existing software protection tools that ensure the interaction of a development team and information protection specialists within one development life cycle. The following tasks are solved in the article: consideration and analysis of DevSecOps process construction approaches and consideration of systematization methodologies for software protection tools. The following results were obtained: the necessary components for the construction of DevSecOps processes are analyzed. Conclusions: the analysis allows us to classify the process of developing and protecting software using the DevSecOps methodology. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|