DevSecOps Automation: SAST/DAST Integration in GitLab CI/CD with Semgrep, OWASP ZAP, and Dependency-Check
International Journal of Science and Research (IJSR)


ISSN: 2319-7064



Research Paper | Information Security | United States of America | Volume 9 Issue 12, December 2020




Sandhya Guduru


Abstract: As software development accelerates, integrating security into continuous integration and continuous deployment (CI/CD) pipelines is essential. This paper explores the automation of security testing in GitLab CI/CD by embedding Static Application Security Testing (SAST) with Semgrep, Dynamic Application Security Testing (DAST) with OWASP ZAP, and Software Bill of Materials (SBOM) generation with Dependency-Check. These tools enable early vulnerability detection, reducing security risks in production. The paper also examines SLSA scorecards for assessing software supply chain security and Kubernetes admission controllers that enforce security policies by blocking vulnerable builds. Automating these security measures can enhance application security without compromising development speed. This paper highlights best practices for securing DevSecOps pipelines effectively.
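The pipeline the abstract describes, as an added illustration (this is editor-supplied example configuration, not the paper's own artefact): a minimal `.gitlab-ci.yml` that runs Semgrep as a SAST stage, Dependency-Check as a dependency-vulnerability stage, and the OWASP ZAP baseline scan as a DAST stage against an already-deployed staging instance. The job names, container image tags, staging URL, CVSS threshold and report paths are assumptions chosen for the example; the deployment job that would normally precede DAST is left out.

```yaml
# Added example: GitLab CI pipeline wiring Semgrep, Dependency-Check and
# OWASP ZAP into separate stages. Job names, image tags, the staging URL,
# the CVSS threshold and report file names are assumed for illustration.
stages:
  - sast
  - dependency-scan
  - dast

# SAST: Semgrep scans the checked-out source with its auto ruleset.
# --error makes the job fail (exit code 1) when any finding is reported,
# so a vulnerable commit blocks the pipeline early.
semgrep-sast:
  stage: sast
  image: returntocorp/semgrep
  script:
    - semgrep scan --config auto --error --json --output semgrep-report.json .
  artifacts:
    when: always          # keep the report even when the job fails
    paths:
      - semgrep-report.json

# Dependency analysis: OWASP Dependency-Check matches third-party
# components against known CVEs; --failOnCVSS 7 fails the job when any
# dependency has a vulnerability with CVSS >= 7 (assumed threshold).
dependency-check:
  stage: dependency-scan
  image: owasp/dependency-check:latest
  script:
    - /usr/share/dependency-check/bin/dependency-check.sh
        --project "$CI_PROJECT_NAME"
        --scan .
        --format JSON
        --out dependency-check-report
        --failOnCVSS 7
  artifacts:
    when: always
    paths:
      - dependency-check-report/

# DAST: ZAP baseline scan (passive, non-intrusive) against a running
# staging deployment. zap-baseline.py exits 0 when clean, 1 on FAIL-level
# findings and 2 on WARN-level findings; it writes reports under /zap/wrk,
# so the report is copied back into the project directory for artifacts.
zap-dast:
  stage: dast
  image: ghcr.io/zaproxy/zaproxy:stable
  variables:
    DAST_TARGET_URL: "https://staging.example.internal"   # assumed placeholder
  script:
    - mkdir -p /zap/wrk
    - zap-baseline.py -t "$DAST_TARGET_URL" -r zap-baseline.html
  after_script:
    - cp /zap/wrk/zap-baseline.html "$CI_PROJECT_DIR"/ || true
  artifacts:
    when: always
    paths:
      - zap-baseline.html
```

Each scanner is given `when: always` artifacts so that reviewers can read the report of a failing job, which is the point of the pipeline: a finding blocks the merge or deployment, and the evidence for the block is retained alongside it. The DAST job has to run after the application is reachable at the target URL; in a real pipeline a deployment job would sit between `dependency-scan` and `dast`.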


Keywords: DevSecOps Automation, CI/CD Security, GitLab CI/CD, SBOM analysis, SAST and DAST, OWASP ZAP, Dependency-Check, Kubernetes admission controllers


Edition: Volume 9 Issue 12, December 2020


Pages: 1893 - 1898


DOI: https://www.doi.org/10.21275/SR20127082903





Sandhya Guduru, "DevSecOps Automation: SAST/DAST Integration in GitLab CI/CD with Semgrep, OWASP ZAP, and Dependency-Check", International Journal of Science and Research (IJSR), Volume 9 Issue 12, December 2020, pp. 1893-1898, https://www.ijsr.net/getabstract.php?paperid=SR20127082903, DOI: https://www.doi.org/10.21275/SR20127082903
