Framework for Integrating Threat Modeling into a DevOps Pipeline for Enhanced Software Development


Research field: Software Development



Conference: 2024 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)


Abstract

In the realm of continuous integration and continuous deployment (CI/CD), safeguarding software systems is crucial. Integrating threat modeling into the DevOps pipeline ensures that security considerations are an integral part of the software development process, helping to prevent vulnerabilities from being introduced into production. This study outlines a detailed framework for embedding threat modeling into a Jenkins DevOps pipeline. The framework involves incorporating threat model results into a database and using this data to perform automated security scans. Three challenges are identified in the integration of security into the DevOps pipeline and discussed against the proposed framework.


Author Profile
Lyuben Nikolov

Department of Computer Systems, Technical University of Sofia, Sofia, Bulgaria
Author Profile
Adelina Aleksieva-Petrova

Department of Computer Systems, Technical University of Sofia, Sofia, Bulgaria

📄 Paper information

Publication year: 2024
Citations: 1
Country of publication: Bulgaria
Site: IEEE
