A Systematic Literature Review on Continuous Integration and Deployment (CI/CD) for Secure Cloud Computing
Sabbir M. Saleh, Nazim Madhavji, John Steinbacher

TL;DR
This paper systematically reviews 66 studies on the security aspects of continuous integration and deployment in cloud environments, highlighting tools, challenges, and research gaps to enhance cloud security practices.
Contribution
It provides a comprehensive synthesis of existing tools, approaches, and challenges in securing CI/CD pipelines in cloud computing, identifying key research gaps.
Findings
Tools such as Harbor, SonarQube, and GitHub Actions are used to secure CI/CD pipelines.
Challenges include image manipulation, unauthorized access, and weak authentication.
Research gaps exist in how tools address security issues in CI/CD pipelines.
Abstract
As cloud environments become widespread, cybersecurity has emerged as a top priority across areas such as networks, communication, data privacy, response times, and availability. Various sectors, including industries, healthcare, and government, have recently faced cyberattacks targeting their computing systems. Ensuring secure app deployment in cloud environments requires substantial effort. With the growing interest in cloud security, conducting a systematic literature review (SLR) is critical to identifying research gaps. Continuous Software Engineering, which includes continuous integration (CI), delivery (CDE), and deployment (CD), is essential for software development and deployment. In our SLR, we reviewed 66 papers, summarising tools, approaches, and challenges related to the security of CI/CD in the cloud. We addressed key aspects of cloud security and CI/CD and reported on…
