Show simple item record

dc.contributorEscuela de Ingenierias Industrial e Informaticaes_ES
dc.contributor.authorFernández González, David 
dc.contributor.authorRodríguez Lera, Francisco Javier 
dc.contributor.authorEsteban, Gonzalo
dc.contributor.authorFernández Llamas, Camino 
dc.contributor.otherCiencias de la Computacion e Inteligencia Artificiales_ES
dc.date2022
dc.date.accessioned2022-02-28T12:52:41Z
dc.date.available2022-02-28T12:52:41Z
dc.identifier.citationFernández González, D., Rodríguez Lera, F.J., Esteban, G. et al. SecDocker: Hardening the Continuous Integration Workflow. SN COMPUT. SCI. 3, 80 (2022). https://doi.org/10.1007/s42979-021-00939-4
dc.identifier.issn2662-995X
dc.identifier.otherhttps://link.springer.com/article/10.1007/s42979-021-00939-4
dc.identifier.urihttp://hdl.handle.net/10612/14043
dc.description1-13 p.es_ES
dc.description.abstract[EN] Current Continuous Integration (CI) processes face significant intrinsic cybersecurity challenges. The idea is not only to solve and test formal or regulatory security requirements of source code but also to adhere to the same principles to the CI pipeline itself. This paper presents an overview of current security issues in CI workflow. It designs, develops, and deploys a new tool for the secure deployment of a container-based CI pipeline flow without slowing down release cycles. The tool, called SecDocker for its Docker-based approach, is publicly available in GitHub. It implements a transparent application f irewall based on a configuration mechanism avoiding issues in the CI workflow associated with intended or unintended container configurations. Integrated with other DevOps Engineers tools, it provides feedback from only those scenarios that match specific patterns, addressing future container security issues.es_ES
dc.languageenges_ES
dc.publisherSpringeres_ES
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 Internacional*
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 Internacional*
dc.rightsAttribution 4.0 International*
dc.rights.urihttps://creativecommons.org/licenses/by/4.0/*
dc.subjectInformáticaes_ES
dc.subjectIngeniería de sistemases_ES
dc.subject.otherContainerization es_ES
dc.subject.otherContinuous integration 
dc.subject.otherDocker
dc.titleSecDocker: Hardening the Continuous Integration Workflowes_ES
dc.typeinfo:eu-repo/semantics/articlees_ES
dc.identifier.doi10.1007/s42979-021-00939-4
dc.description.peerreviewedSIes_ES
dc.relation.projectID
dc.rights.accessRightsinfo:eu-repo/semantics/openAccesses_ES
dc.identifier.essn2661-8907
dc.journal.titleSN Computer Sciencees_ES
dc.volume.number3es_ES
dc.page.initial1es_ES
dc.page.final13es_ES
dc.type.hasVersioninfo:eu-repo/semantics/draftes_ES
dc.description.otherhttps://link.springer.com/article/10.1007/s42979-021-00939-4es_ES
dc.description.projectPublicación en abierto financiada por el Consorcio de Bibliotecas Universitarias de Castilla y León (BUCLE), con cargo al Programa Operativo 2014ES16RFOP009 FEDER 2014-2020 DE CASTILLA Y LEÓN, Actuación:20007-CL - Apoyo Consorcio BUCLE


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Attribution-NonCommercial-NoDerivatives 4.0 Internacional
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 Internacional