Abstract: DevSecOps, as part of an Agile Secure Software Development Life Cycle (SDLC), is increasingly significant in the development of secure contemporary applications. Modern business organizations implement Agile development methodologies to increase the speed and flexibility of development processes, but information security is treated as an add-on or an optional feature, leaving applications easily exposed to various threats. DevSecOps (Development, Security and Operations) makes security part of that process: the objective is to include security measures in each stage of the SDLC so that risks are minimized early. When integrated into the Agile SDLC as a system, DevSecOps can help shift the organization's culture toward focusing on security from the initial stage rather than solely at the end of the process. Using DevSecOps and Agile SDLC, this paper aims to provide a guide on how security can be made to run throughout the entire development cycle, from development all the way to deployment and maintenance. It provides a detailed overview of how security can be incorporated into the Agile approach; the techniques include security testing, threat analysis and security checks in continuous integration. Further, the involvement of developers, operations services and security teams means that security has to be a top priority for cross-functional cooperation. Overall, the paper also offers strategies for dealing with contentious issues in integration, including lessons learned from other organisations, the inevitability of resistance to change, and security management at large scale. Finally, this research establishes that expanding integration between DevSecOps and Agile SDLC can lead to dramatic organizational gains in software security while enabling the rapid speed of delivery that is vital for companies in the modern digital environment.

Keywords: DevSecOps, Agile, Secure Software Development Lifecycle, Security Integration, Continuous Monitoring


DOI: 10.17148/IJARCCE.2021.10831
