Integrating Security Testing in CI/CD Pipelines: Current Trends from Literature and Market


Research field: Analysis



Conference: 2024 Ninth International Conference on Informatics and Computing (ICIC)


Abstract

As digital systems play an increasingly central role in modern business operations, the integration of security into software development has become paramount. DevSecOps addresses this need by embedding security practices across the Continuous Integration and Continuous Delivery (CI/CD) pipeline. However, there remains a lack of structured approaches for systematically incorporating security testing into CI/CD workflows. This study addresses this gap by employing a mixed-method empirical approach, combining an in-depth literature review with a comprehensive market analysis. The research identifies key security tests applicable at various stages of the CI/CD pipeline and explores the factors influencing the selection and integration of security tools. The findings offer valuable insights for both academia and industry, presenting a robust framework for the structured integration of security testing within CI/CD processes, ultimately enhancing the security posture of software delivery.


Author Profile

Rehmia Meliala
Information Technology Department, Swiss German University, Tangerang, Banten, Indonesia

Charles Lim
Information Technology Department, Swiss German University, Tangerang, Banten, Indonesia

Joseph Andreas
Information Technology Department, Swiss German University, Tangerang, Banten, Indonesia

Paper information

Publication year: 2024
Citations: 118
Country of publication: Indonesia
Site: IEEE