Abstract.
This article highlights the significance of integrating DevSecOps (Development, Security and Operations) practices into the research on detecting common attacks in Kubernetes environments. As Kubernetes gains rapid traction as a prominent container orchestration platform, the security challenges associated with containerized applications have grown in magnitude. However, traditional security methodologies often struggle to keep pace with the dynamic and fast-evolving nature of containerized environments, leaving potential vulnerabilities for malicious actors to exploit. By emphasizing the importance of DevSecOps, this article aims to underscore its role in improving the security posture of Kubernetes deployments and promoting a proactive approach to safeguarding containerized applications. The article also discusses key considerations and benefits of implementing DevSecOps in the context of Kubernetes security research.
Keywords:
DevSecOps, Kubernetes security, DevOps, security practices.
DOI: 10.14357/20790279240309
EDN: SDRKHO
Pages: 78-88.