Compartir
Título
SecDocker: Hardening the Continuous Integration Workflow
Autor
Facultad/Centro
Área de conocimiento
Título de la revista
SN Computer Science
Cita Bibliográfica
Fernández González, D., Rodríguez Lera, F.J., Esteban, G. et al. SecDocker: Hardening the Continuous Integration Workflow. SN COMPUT. SCI. 3, 80 (2022). https://doi.org/10.1007/s42979-021-00939-4
Editorial
Springer
Fecha
2022
ISSN
2662-995X
Resumen
[EN] Current Continuous Integration (CI) processes face significant intrinsic cybersecurity challenges. The idea is not only to solve and test formal or regulatory security requirements of source code but also to adhere to the same principles to the CI pipeline itself. This paper presents an overview of current security issues in CI workflow. It designs, develops, and deploys a new tool for the secure deployment of a container-based CI pipeline flow without slowing down release cycles. The tool, called SecDocker for its Docker-based approach, is publicly available in GitHub. It implements a transparent application f irewall based on a configuration mechanism avoiding issues in the CI workflow associated with intended or unintended container configurations. Integrated with other DevOps Engineers tools, it provides feedback from only those scenarios that match specific patterns, addressing future container security issues.
Materia
Palabras clave
Peer review
SI
URI
DOI
Versión del editor
Aparece en las colecciones
- Artículos [4625]
Ficheros en el ítem
Tamaño:
1.289
xmlui.dri2xhtml.METS-1.0.size-megabytes
Formato:
Adobe PDF