OpenSource tools for a secdevops pipeline
The objective of this project is to study the open source tools that an operations team, following a SecDevOps methodology, should implement in its development infrastructure, to increase security. The project is based on a simple application that did not follow best security practices, and to which...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2022 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/373778 |
| Acceso en línea: | https://hdl.handle.net/2117/373778 |
| Access Level: | acceso abierto |
| Palabra clave: | Open source software Computer security Opensource SecDevOps Security Pipeline Dockers SSO OpenID Seguridad Programari lliure Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Sumario: | The objective of this project is to study the open source tools that an operations team, following a SecDevOps methodology, should implement in its development infrastructure, to increase security. The project is based on a simple application that did not follow best security practices, and to which an infrastructure has been built around it, to solve this situation. The idea arises from the concern that, in a context of global digitalization, where in many cases, security mechanisms have not been applied in the best possible way, certain technologies and best practices must be applied to increase the level of security in the applications. The work is based on a microservices architecture, using containers to implement the applications, obtaining efficient, secure and scalable systems. In addition, a single sign on (SSO) authentication system has been added through OpenID Connect, a container monitoring system, a log centralization system, code scanners and container scanners, among others. The project allows to see the change that the application has undergone during the course of this process and concludes with an assessment of the operation of each of the tools used. |
|---|