NORMA eResearch @NCI Library

Developing a Framework for Integrating Security Testing into the CI/CD Pipeline using Automation

Derenda Seetharam, Praveen (2024) Developing a Framework for Integrating Security Testing into the CI/CD Pipeline using Automation. Masters thesis, Dublin, National College of Ireland.

Files: PDF (Master of Science thesis, 1MB); PDF (Configuration Manual, 2MB)

Abstract

The increasing frequency of security breaches in software applications underscores the need for more frequent and comprehensive security testing, integrated directly into CI/CD deployment pipelines. This research presents a novel framework that incorporates security testing at every stage of the software development life cycle. By combining SAST, DAST, and dependency vulnerability scanning, the framework gives developers and security teams a diverse set of security testing tools. The framework is implemented with GitHub Actions to streamline automation and integrates tools such as Lint for code formatting, CodeQL for static analysis, CodeClimate for maintainability checks, Snyk for dependency vulnerability scanning, and OWASP ZAP for dynamic application security testing. The output of these stages is then containerized and pushed to Docker Hub, ensuring seamless integration with modern CI/CD workflows. OWASP Juice Shop, a deliberately vulnerable web application, serves as the target application for demonstrating the framework's effectiveness. By automating security testing and embedding it in CI/CD pipelines, this research offers a robust approach to mitigating risks earlier in the development process while preserving the agility and speed of modern software delivery practices.
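As an added illustration of the pipeline shape the abstract describes (this is not the thesis's own configuration and is not taken from its Configuration Manual), the GitHub Actions workflow below chains lint, CodeQL static analysis and Snyk dependency scanning as gates, builds and pushes the container image only when those gates pass, and then runs an OWASP ZAP baseline scan against the freshly built image. Assumptions: a Node.js project with an `npm run lint` script, repository secrets named `SNYK_TOKEN`, `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`, a placeholder image name `example-org/juice-shop`, Juice Shop's default listening port 3000, and the pinned action versions shown. CodeClimate maintainability checks are omitted because they are normally wired up through the CodeClimate GitHub integration rather than as a workflow step.

```yaml
name: security-pipeline

on:
  push:
    branches: [main]
  pull_request:

# Least privilege for the workflow token: CodeQL needs security-events:write
# to upload its SARIF results; nothing here needs write access to contents.
permissions:
  contents: read
  security-events: write

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      - run: npm run lint            # assumes the project defines a "lint" script

  codeql:
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - uses: github/codeql-action/analyze@v3   # uploads findings to the Security tab

  snyk:
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - uses: actions/checkout@v4
      - uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}   # assumed repository secret
        with:
          # Fail the job (and therefore block the build) on high/critical findings
          args: --severity-threshold=high

  build-and-push:
    runs-on: ubuntu-latest
    needs: [codeql, snyk]          # image is only built after SAST and SCA gates pass
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}   # assumed repository secret
          password: ${{ secrets.DOCKERHUB_TOKEN }}      # use an access token, not the account password
      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: example-org/juice-shop:${{ github.sha }}   # placeholder image name

  dast:
    runs-on: ubuntu-latest
    needs: build-and-push
    steps:
      # Run the image that was just pushed so ZAP scans exactly the artifact
      # that would be deployed. Juice Shop listens on port 3000 by default.
      - name: Start target container
        run: |
          docker run -d --name target -p 3000:3000 example-org/juice-shop:${{ github.sha }}
          sleep 30   # crude readiness wait; a health-check loop is better in practice
      - uses: zaproxy/action-baseline@v0.12.0
        with:
          target: http://localhost:3000
          fail_action: true        # turn ZAP warnings into a failed job
```

The `needs` edges are what make this a security gate rather than a report: the image cannot reach Docker Hub unless lint, CodeQL and Snyk succeed, and the DAST stage runs against the pushed image rather than a source checkout, so what is scanned is what ships. Against Juice Shop, which is deliberately vulnerable, the Snyk and ZAP stages are expected to fail; that is the demonstration, and in a real project the thresholds in `args` and `fail_action` are the knobs to tune.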

Item Type: Thesis (Masters)
Supervisors: Sahni, Vikas (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 18 Jul 2025 10:46
Last Modified: 18 Jul 2025 10:46
URI: https://norma.ncirl.ie/id/eprint/8199
