The goal of this study is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment. Software practitioners can aid from a study that investigates the security practices used by organizations that have adopted DevOps to integrate security in their organization.
In our study we focus on identifying the security practices that can be used, and are actually in use to integrate security in DevOps. We conduct this study by selecting and analyzing a set of 66 Internet artifacts, such as blog posts and video presentations.
We then identified a set of software practices used to integrate security in DevOps. Leveraging findings from our analysis of Internet artifacts, we created a survey to further investigate the software practices that are used in the surveyed DevOps organizations to integrate security. The survey was administered to representatives of nine organizations that have adopted DevOps.