International Journal of Science and Research (IJSR)

ISSN: 2319-7064

Research Paper | Information Security | United States of America | Volume 9 Issue 12, December 2020


DevSecOps Automation: SAST/DAST Integration in GitLab CI/CD with Semgrep, OWASP ZAP, and Dependency-Check

Sandhya Guduru


Abstract: As software development accelerates, integrating security into continuous integration and continuous deployment (CI/CD) pipelines is essential. This paper explores the automation of security testing in GitLab CI/CD by embedding Static Application Security Testing (SAST) with Semgrep, Dynamic Application Security Testing (DAST) with OWASP ZAP, and Software Bill of Materials (SBOM) generation with Dependency-Check. These tools enable early vulnerability detection, reducing security risks in production. The paper also examines SLSA scorecards for assessing software supply chain security, and Kubernetes admission controllers that enforce security policies by blocking vulnerable builds. Automating these security measures can enhance application security without compromising development speed. This paper highlights best practices for securing DevSecOps pipelines effectively.


Keywords: DevSecOps Automation, CI/CD Security, GitLab CI/CD, SBOM analysis, SAST and DAST, OWASP ZAP, Dependency-Check, Kubernetes admission controllers


Edition: Volume 9 Issue 12, December 2020


Pages: 1893 - 1898


