SecDocker: Hardening the Continuous Integration Workflow
Abstract
Current Continuous Integration processes face significant intrinsic cybersecurity challenges. The idea is not only to solve and test formal or regulatory security requirements of source code but also to adhere to the same principles to the CI pipeline itself. This paper presents an overview of current security issues in CI workflow. It designs, develops, and deploys a new tool for the secure deployment of a container-based CI pipeline flow without slowing down release cycles. The tool, called \SD for its Docker-based approach, is publicly available in GitHub. It implements a transparent application firewall based on a configuration mechanism avoiding issues in the CI workflow associated with intended or unintended container configurations. Integrated with other DevOps Engineers tools, it provides feedback from only those scenarios that match specific patterns, addressing future container security issues.
Cite
@article{arxiv.2104.07899,
title = {SecDocker: Hardening the Continuous Integration Workflow},
author = {David Fernández González and Francisco Javier Rodríguez Lera and Gonzalo Esteban and Camino Fernández Llamas},
journal= {arXiv preprint arXiv:2104.07899},
year = {2021}
}
Comments
Preprint: 15 pages, 5 figures, 2 tables. Public repository: https://github.com/uleroboticsgroup/Secdocker