Giovanni Bernardo
DevSecOps pipelines improvement: new tools, false positive management, quality gates and rollback.
Supervisor: Riccardo Sisto. Politecnico di Torino, Master's degree course in Ingegneria Informatica (Computer Engineering), 2022
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
DevSecOps, as an extension of the DevOps paradigm, makes it possible to integrate security into applications and infrastructures from the beginning of development, and to automate these security control activities. This development practice decreases the time needed to perform security checks, avoids a ping-pong effect between developers and analysts, and saves resources. A powerful DevSecOps instrument is the CI/CD pipeline: a sequence of steps that provides Continuous Integration (CI) and Continuous Delivery (CD), introducing automated security monitoring and providing a way to optimize the application development process. The objective of this thesis is the improvement of existing DevSecOps pipelines orchestrated by Jenkins, focusing on the introduction of new tools, on the management of false positives, and on the introduction of quality gates and rollback functionalities.
In this scenario, cloud-related technologies such as Docker and Kubernetes are used, with the purpose of hosting applications and tools
