TL;DR
This paper introduces SecDocker, a Docker-based tool that enhances security in CI pipelines by implementing a transparent application firewall, ensuring secure container deployment without impacting release speed.
Contribution
It presents a novel Docker-based security tool for CI pipelines that integrates with DevOps tools and provides targeted security feedback.
Findings
Secure CI pipeline deployment without slowing release cycles
Implementation of a transparent application firewall in Docker
Integration with DevOps tools for targeted security feedback
Abstract
Current Continuous Integration processes face significant intrinsic cybersecurity challenges. The idea is not only to solve and test formal or regulatory security requirements of source code but also to adhere to the same principles to the CI pipeline itself. This paper presents an overview of current security issues in CI workflow. It designs, develops, and deploys a new tool for the secure deployment of a container-based CI pipeline flow without slowing down release cycles. The tool, called SecDocker for its Docker-based approach, is publicly available in GitHub. It implements a transparent application firewall based on a configuration mechanism avoiding issues in the CI workflow associated with intended or unintended container configurations. Integrated with other DevOps Engineers tools, it provides feedback from only those scenarios that match specific patterns, addressing future…
