
dc.contributor.advisor: Niemimaa, Marko Ilmari
dc.contributor.advisor: Spagnoletti, Paolo
dc.contributor.author: Bjørntvedt, Nicolai Knudsen
dc.contributor.author: Sæther, Knut
dc.date.accessioned: 2024-07-26T16:23:22Z
dc.date.available: 2024-07-26T16:23:22Z
dc.date.issued: 2024
dc.identifier: no.uia:inspera:229856738:50875320
dc.identifier.uri: https://hdl.handle.net/11250/3143420
dc.description.abstract: With the rise of DevOps, the automation of software development processes such as CI/CD, particularly in integration and operation, has increased significantly. Organizations are leveraging these advancements to accelerate development and increase the frequency of deployments. However, despite the emphasis on speed, the integration of security practices within CI/CD pipelines often lags behind, posing significant risks, as exemplified by high-profile breaches like SolarWinds. The existing literature and industry tools lack comprehensive frameworks for adequately assessing the security posture of CI/CD pipelines. Although some frameworks exist, they often fail to address all necessary security aspects in depth. To address this gap, we have developed a model based on design science principles that allows organizations to assess the security of their CI/CD pipelines. This is achieved through a structured spreadsheet that converts responses into numerical scores, facilitating a bottom-up assessment of security across various focus areas. The model enables the visualization of security levels through multiple layers of abstraction, each representing a different aspect of security. Our research included three multivocal literature reviews (MLRs). The first MLR identified critical focus areas essential for a security-oriented maturity model. The second MLR mapped specific security practices to different maturity levels. The third MLR investigated whether any existing security-oriented maturity models could be adapted. Our model, the CI/CD Security Maturity Model (CICDSecMM), is grounded in these literature reviews and enriched by insights from numerous interviews and a case study. Through iterative cycles of building, evaluating, and refining the model based on interview feedback, we conducted a final case study to validate the model in a real-world setting.
dc.language: eng
dc.publisher: University of Agder
dc.title: Designing the CI/CD Security Maturity Model
dc.type: Master thesis