• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.107-114
• /
• 2023

Successful implementations of DevOps practices significantly improvise software efficiency, collaboration and security. Most of the organizations are adopting DevOps for faster and quality software delivery. DevOps brings development and operation teams together to overcome all kind of communication gaps responsible for software failures. It relies on different sets of alternative tools to automate the tasks of continuous integration, testing, delivery, deployment and monitoring. Although DevOps is followed for being very reliable and responsible environment for quality software delivery yet it lacks many quantifiable aspects to prove it on the top of other traditional and agile development methods. This research evaluates quantitative performance of DevOps and traditional/ agile development methods based on software metrics. This research includes three sample projects or code repositories to quantify the results and for DevOps integrated selective tool chain; current research considers our earlier proposed and implemented DevOps hybrid model of integrated automation tools. For result discussion and validation, tabular and graphical comparisons have also been included to retrieve best performer model. This comparative and evaluative research will be of much advantage to our young researchers/ students to get well versed with automotive environment of DevOps, latest emerging buzzword of development industries.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.699-707
• /
• 2023

DevSecOps is a concept that adds security procedures to the operational procedures of DevOps to respond to the short development and operation cycle. Multi-step vulnerability scanning process should be considered to provide reliable security while supporting rapid development and deployment cycle in DevSecOps. Many open-source vulnerability scanning tools available can be used for each stage of scanning, but there are difficulties in evaluating the security level and identifying the importance of information in integrated operation due to the various functions supported by the tools and different security results. This paper proposes an integrated security metric design plan for scurity results and the combination of open-source scanning tools that can be used in security stage when building the open-source based DevSecOps system.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.249-259
• /
• 2022

Project management and deployment has gone through a long journey from traditional and agile to continuous integration, continuous deployment and continuous monitoring. Software industry benefited with the latest buzzword in the development process, DevOps that not only escalates software productivity but at the same time enhances software quality. But the implementation and assessment of DevOps practices is expository as there are no guidelines to assess and improvise DevOps application in software industries. Hence, there was a need to develop a hybrid model to assist software practitioners in DevOps implementation. The intention behind this paper is to implement the already proposed DevOps hybrid model using suggested tool chains including Jenkins, Selenium, GitLab, Ansible and Nagios automation tools through Jenkins project management environment and plugins. To achieve this implementation objective, a java application is developed with a web-based graphical interface. Further, in this paper, different challenges and benefits of Jenkins implementation shall also be outlined. The paper also presents the effectiveness of DevOps based Model implementation in software organizations. The impact of considering other automation tools and models can also be considered as a part of further research.

• Review of KIISC
• /
• v.32 no.5
• /
• pp.67-73
• /
• 2022

DevOps는 개발과 운영을 배포 기간을 최소화함과 동시에 안정적인 운영을 목표로 하는 현재 가장 진보된 개발 문화이자 방법론이다. DevOps는 수많은 IT 기업에서 활용되고 있으며, 국방 분야도 마찬가지로 소프트웨어 전력 우위를 선점하기 위하여 DevOps 도입을 고려해왔다. 그러나 사이버 위협의 대응이 부족한 DevOps을 국방 소프트웨어에 적용하기가 쉽지 않다. 이에 미 국방부(Department of Defense, 이하 DoD)는 미래의 사이버 위협으로부터 국방 소프트웨어의 피해를 최소화하고자 DevOps 전 단계에 사이버 보안을 결합한 DevSecOps를 채택하여 개발 및 시범운영 중에 있다. 본 연구에서는 DevOps와 DevSecOps의 개념을 소개하고 국방 소프트웨어 분야의 적용 사례를 살펴본다. 그 중 DoD의 DevSecOps의구조, 구축 사례, 공급망 보안 방안을 분석하고 이를 바탕으로 우리 군의 DevSecOps 적용 가능성에 대해 논의하고자 한다.

• Journal of Information Processing Systems
• /
• v.17 no.5
• /
• pp.972-988
• /
• 2021

At present, DevOps environments are getting popular in software organizations due to better collaboration and software productivity over traditional software process models. Software artefacts in DevOps environments are vulnerable to frequent changes at any phase of the software development life cycle that create a continuous integration continuous delivery pipeline. Therefore, software artefact traceability management is challenging in DevOps environments due to the continual artefact changes; often it makes the artefacts to be inconsistent. The existing software traceability related research shows limitations such as being limited to few types of artefacts, lack of automation and inability to cope with continuous integrations. This paper attempts to overcome those challenges by providing traceability support for heterogeneous artefacts in DevOps environments using a prototype named SAT-Analyser. The novel contribution of this work is the proposed traceability process model consists of artefact change detection, change impact analysis, and change propagation. Moreover, this tool provides multi-user accessibility and is integrated with a prominent DevOps tool stack to enable collaborations. The case study analysis has shown high accuracy in SAT-Analyser generated results and have obtained positive feedback from industry DevOps practitioners for its efficacy.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.71-80
• /
• 2019

DevOps is a combining which means giving a diverse environments for software development and operations through whole software lifecycle. The key value of the proposed DevOps platform is the fast and stable service capability for a software development and operation environment. To do this, the DevOps gives pre-embedded 7 programming languages-Java, C/C++, Python, PHP, Ruby, Node.js, goLang and 7 service frameworks - Korea eGov Framework, Spring, Struts, Django, Laravel, Rails, Express. With the DevOps platform, it is possible to develop a software and also to build and distribute operation packages directly with the Linux containers. In this paper, the performance evaluation for a compile time, a distribution time and a processing capability is will be also proved. Though the performance evaluation, this paper shows capabilities of the proposed DevOps for Cloud services with commercial service level, prospectively.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.27-34
• /
• 2024

Network separation is an important policy that Cyber Incident prevent cyber and protect data. Recently, the IT environment is changing in software development, such as remote work, using the cloud, and using open sources. Due to these changes, fintech companies' development productivity and efficiency are lowering due to network separation regulations, and the demand for easing network separation continued. The government revised the regulations electronic financial supervision(hereafter EFS) in response to needs for mitigation of network separation in the IT environment and fintech companies. Some amendments to the EFS, which took effect on 01/01/2023, mitigate network separation only for research and development purposes in cloud environments. If software developed in a cloud development environment is applied to an operating system through a distribution system the existing perimeter-based security model will not satisfaction the network separation conditions. In this Study, we would like to propose a way to maintain the DevOps system in a network separation environment by Using the zero trust security system.

• KIISE Transactions on Computing Practices
• /
• v.23 no.2
• /
• pp.85-96
• /
• 2017

IoT-Cloud service, integration of Internet of Things (IoT) and Cloud, is becoming a critical model for realizing creative and futuristic application services. Since IoT machines have little computing capacity, it is effective to attaching public Cloud resources for realizing IoT-Cloud service. Furthermore, utilizing containers and adopting a microservice architecture for developing IoT-Cloud service are useful for effective realization. The quality of microservice based IoT-Cloud service is affected by service function chaining which inter-connects each functions. For example, an issue with some of the functions or a bottleneck of inter-connection can degrade the service quality. To ensure functionality of the entire service, various test procedures considering various service environments are required to improve the service continuously. Hence in this paper, we introduce experimental realization of continuous integration based on DevOps and employ application performance monitoring for Node.js based IoT-Cloud service. Then we discuss its effectiveness.

• Journal of the Korea Convergence Society
• /
• v.10 no.9
• /
• pp.47-53
• /
• 2019

This paper is analyzed of the characteristics of development operations and development security operations of the software and product, and the use analysis tools from a software code perspective. Also, it is emphasized the importance of human factors and the need to strengthen them, when considering security design rules. In this paper, we consider a secure process for managing change, focusing on fast and accurate decision-making in terms of procedural factors, when considering development security operations. In addition, the paper discussed the need for maturity model analysis in relation to the development security operating characteristics, and analyzed the meaning of the analysis elements through detailed procedures for the strength and integration elements of the dynamic and static elements accordingly. The paper also analyzed factors such as scanning activity and code analysis for threat modeling and compliance and control.

• Review of KIISC
• /
• v.25 no.1
• /
• pp.47-52
• /
• 2015

보안에서 인적보안(Personal Security)의 예방통제 중 하나로 개발/운영을 분리하는 직무분리(Separation of Duty)를 해오고 있다. 고의적인 시스템의 오용을 줄이기 위한 방법이며, 많은 국제 표준과 국내 표준(COBIT, ISMS, 등)에서 직무분리를 명시하고 있다. 하지만 무중단 시스템이면서, 운영자가 특정 전문가 집단으로 한정되고, 수 많은 변경이 발생하는 무중단 환경에서 개발/운영이 분리 됨으로 인한 여러 가지 문제점이 발생 하고 있다. 체계를 운영하면서 전문지식을 기반으로 한 요구사항을 명확하게 이해하지 못하면, 추가적인 요구사항이 발생한다. 이는 체계의 품질저하와 위험(Risk)증가로 이어지게 된다. 따라서 본 연구에서는 개발운영조직 통합관리(DevOps) 방법론을 SCADA와 같이 운영자가 해당 분야의 전문성을 가지고, 무중단으로 운영되며, 수많은 변경이 반영되는 시스템에서 개발 및 운영을 통합하였을 때, 발생할 수 있는 문제점과 개선방안을 제시하고자 한다.