OpenSource tools for a secdevops pipeline

The objective of this project is to study the open source tools that an operations team, following a SecDevOps methodology, should implement in its development infrastructure, to increase security. The project is based on a simple application that did not follow best security practices, and to which...

Descripción completa

Detalles Bibliográficos
Autor: Canyelles Toledano, Martí
Tipo de recurso: tesis de maestría
Fecha de publicación:2022
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/373778
Acceso en línea:https://hdl.handle.net/2117/373778
Access Level:acceso abierto
Palabra clave:Open source software
Computer security
Opensource
SecDevOps
Security
Pipeline
Dockers
SSO
OpenID
Seguridad
Programari lliure
Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:The objective of this project is to study the open source tools that an operations team, following a SecDevOps methodology, should implement in its development infrastructure, to increase security. The project is based on a simple application that did not follow best security practices, and to which an infrastructure has been built around it, to solve this situation. The idea arises from the concern that, in a context of global digitalization, where in many cases, security mechanisms have not been applied in the best possible way, certain technologies and best practices must be applied to increase the level of security in the applications. The work is based on a microservices architecture, using containers to implement the applications, obtaining efficient, secure and scalable systems. In addition, a single sign on (SSO) authentication system has been added through OpenID Connect, a container monitoring system, a log centralization system, code scanners and container scanners, among others. The project allows to see the change that the application has undergone during the course of this process and concludes with an assessment of the operation of each of the tools used.