DevOps focuses on collaboration between different teams in an organization to achieve rapid deployment of software and services to end-users by automating the software delivery infrastructure. According to Dyck et al. DevOps is a software process that emphasizes collaboration within and between different teams involved in software development. According to a study from CA Technologies [5], 88% of 1425 organization executives stated that they have adopted DevOps, or are planning to adopt DevOps in the next five years.
According to Puppet Labs’ 2015 State of DevOps Report organizations that have adopted DevOps experienced 60 times fewer failures and deploy 30 times more frequently than organizations that have not adopted DevOps. Despite the popularity, security aspects of DevOps remain a concern for organizations that want to adopt DevOps [5]. In organizations that use DevOps practices, developers can commit and deploy their software changes at a rapid rate using an automated pipeline. At such a rapid rate, if the security team operates in isolation without close collaboration with the development and operations teams, then the rapidly deployed software changes might not undergo the adequate security reviews, potentially leading to vulnerable software.
Bringing security principles within the DevOps process can help the organization in achieving better quality of software by integrating security checks into the phases of development, testing, and deployment. The goal of this study is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment.