Authentic Learning on DevOps Security with Labware: Git Hooks To Facilitate Automated Security Static Analysis

Authentic Learning on DevOps Security with Labware: Git Hooks To Facilitate Automated Security Static Analysis

연구 분야: Software Development

학회: 2024 IEEE 48th Annual Computers, Software, and Applications Conference (COMPSAC)

This paper presents an innovative approach to DevOps security education, addressing the dynamic landscape of cybersecurity threats. We propose a student-centered learning methodology by developing comprehensive hands-on learning modules. Specifically, we introduce labware modules designed to automate static security analysis, empowering learners to identify known vulnerabilities efficiently. These modules offer a structured learning experience with pre-lab, hands-on, and post-lab sections, guiding students through DevOps concepts and security challenges. In this paper, we introduce hands-on learning modules that familiarize students with recognizing known security flaws through the application of Git Hooks. Through prac-tical exercises with real-world code examples containing security flaws, students gain proficiency in detecting vulnerabilities using relevant tools. Initial evaluations conducted across educational institutions indicate that these hands-on modules foster student interest in software security and cybersecurity and equip them with practical skills to address DevOps security vulnerabilities.