Kandasamy, Siva Suriya (2025) Practical Implementation of Zero Trust Security in DevSecOps Pipelines. Masters thesis, Dublin, National College of Ireland.
Abstract
As DevSecOps practices become more widely used in modern software development and enable rapid software delivery, the need for sound security models has grown with them. Traditional perimeter-based security is ineffective against dynamic threats, particularly in environments built on microservices, adaptive orchestration and containerized applications. To address these challenges, this paper applies Zero Trust Security (ZTS) principles to a cloud-native DevSecOps flow. It does so through a comparative analysis of a standard DevSecOps pipeline (Pre-ZTS) and an enhanced pipeline with ZTS controls (Post-ZTS). The key components are the Open Policy Agent (OPA) for dynamic admission control, the Istio Service Mesh for service-to-service authentication and micro-segmentation, and lightweight Kubernetes (K3s) orchestration. Complementary security scanning tools, namely OWASP ZAP, Trivy and SonarCloud, were used to mimic a real-life threat detection process by attacking vulnerabilities such as SQL injection and container image exploits. The OWASP Juice Shop application served as the testbed for evaluating runtime policy enforcement, the strength of access control, and exposure to vulnerabilities. The results show that the ZTS metrics do not alter the output of a fixed vulnerability scanner but have the potential to significantly improve runtime security state and access control without materially impacting the deployment rate. This work provides one implementation route that fills the gap between purely theoretical descriptions of Zero Trust structures and their practical use in existing CI/CD environments.
| Item Type: | Thesis (Masters) |
|---|---|
| Supervisors: | Heeney, Sean (email: UNSPECIFIED) |
| Uncontrolled Keywords: | Zero Trust Security; DevSecOps; OPA; Istio; Trivy |
| Subjects: | T Technology > T Technology (General) > Information Technology > Cloud computing; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security |
| Divisions: | School of Computing > Master of Science in Cloud Computing |
| Depositing User: | Ciara O'Brien |
| Date Deposited: | 26 Mar 2026 13:17 |
| Last Modified: | 26 Mar 2026 13:17 |
| URI: | https://norma.ncirl.ie/id/eprint/9223 |