SoK: Zero Trust as a Strategy to Address DevSecOps Challenges

Nicolazzo S.; Nocera A.
2025-01-01

Abstract

Over recent years, Development, Security, and Operations (DevSecOps, hereafter) has evolved as a unique shift-left strategy that integrates security practices early in the Development and Operations (DevOps, for short) software development methodology. However, DevSecOps is not devoid of challenges. Insecure tools and insider attacks are some of the threats that can escape the security controls enforced in DevSecOps pipelines. In this paper, we analyze the possibility of embedding Zero Trust into the organization's developer workflow as a strategy to further secure DevSecOps by removing the implicit trust among the various components of the pipelines. Based on a systematic review of the present literature and for each phase of the DevSecOps life cycle, we evaluated the possible integration of current ZTA approaches.

Use this identifier to cite or link to this document: https://hdl.handle.net/11571/1541863