Automated software security activities in a continuous delivery pipeline

Due to the rise of cyberattacks in IT companies, software security has become a topic for debate. Currently, to secure their products, companies often use manual methods, which makes development stalled and inefficient. To speed up a software development lifecycle, security work needs to be integrated and automated into the development process. This thesis will provide an initial solution for automating the security phase into a continuous software delivery process. This solution involves integrating security tools into a Github repository by using Github Actions to create automated vulnerability scanning workflows for a software project. The solution will then be tested and evaluated with three open-source projects and one project from our sponsor, Volue

Automating Security in a Continuous Integration Pipeline

Traditional approaches to software security are based on manual methods, which tend to stall development, leading to inefficiency. To speed up a software development lifecycle, security needs to be integrated and automated into the development process. This paper will identify solutions for automating the security phase into a continuous software delivery process, integrating security tools into a Github repository by using Github Actions to create automated vulnerability scanning workflows for a software project.acceptedVersio