DevSecOps: A Multivocal Literature Review

Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study gives an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps, and the challenges an organization faces when implementing it. To that end, we conducted a multivocal literature review, in which we reviewed a selection of grey literature. We found that implementing security that can keep up with DevOps is a challenge, but it can yield great benefits if done correctly.
