NORMA eResearch @NCI Library

Monitoring the Security Vulnerabilities in CI/CD Pipeline Using DevSecOps Security Testing Tools

Shetty, Aniket Ashok (2024) Monitoring the Security Vulnerabilities in CI/CD Pipeline Using DevSecOps Security Testing Tools. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 3MB
PDF (Configuration Manual), 9MB

Abstract

With the increasing use of Development and Operations (DevOps) in the Software Development Life Cycle, security is an important concern that needs to be taken into consideration. Accordingly, “Static Application Security Testing” (SAST) and “Dynamic Application Security Testing” (DAST) have been integrated into CI/CD pipelines to check software for vulnerabilities at the build and deployment stages. However, the current tools were not efficient enough to detect vulnerabilities in real time, so the main motive of this research is to overcome those gaps by advancing the security tooling used to check for vulnerabilities and attacks in software. Integrating a newer method, “Interactive Application Security Testing” (IAST), provides real-time vulnerability detection by monitoring the internal behaviour of applications. This research demonstrates the improved results of the security testing tools: the “Snyk” (SAST) tool identified 82 vulnerabilities more effectively and efficiently than the previous work, the “Stackhawk” (DAST) tool delivered decent results, and lastly the integration of “Datadog” (IAST) was completed successfully, as it does the work of both SAST and DAST in one tool.

Item Type: Thesis (Masters)
Supervisors: Sahni, Vikas (Email: UNSPECIFIED)
Uncontrolled Keywords: Software Development Life Cycle (SDLC); DevOps; DevSecOps; Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Interactive Application Security Testing (IAST)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software
T Technology > T Technology (General) > Information Technology > Computer software
T Technology > T Technology (General) > Information Technology > Cloud computing
Divisions: School of Computing > Master of Science in Cloud Computing
Depositing User: Ciara O'Brien
Date Deposited: 16 Jul 2025 13:51
Last Modified: 16 Jul 2025 13:51
URI: https://norma.ncirl.ie/id/eprint/8154
