Model to reduce DevOps Pipeline execution time using SAST-Reference-Cited by-同舟云学术

Model to reduce DevOps Pipeline execution time using SAST

Published:2023-07-13 Issue: Volume: Page:
ISSN:
Container-title:
language:
Short-container-title:

Author:

Saurabh Shobhit Kumar¹^ORCID,Kumar Deepak¹^ORCID

Affiliation:

1. Amity University

Abstract

Abstract Static code analysis (SAST is a well-known concept) to identify security flaws in the code to improve software product quality. A SAST tool called SonarQube which can scan source code of an application and identify the vulnerabilities present in software. It can also find the RCA of the vulnerabilities found in software products. it helps in rehabilitating the securities flaws found in analysis of the software products. SAST tools analyses upside-down for an application. It does not need s system to be in running state to perform analysis. The scan provides instant feedback to developers in terms of reducing security risks for an application. It helps to resolve issues which was present during development and helps developers to increase their knowledge. As a result, developers become competent about knowledge of security for software product. The sonar analysis report provides on demand access to all recommendations. The user can navigate to line-of-code which have vulnerabilities and they can do faster discovery and auditing. And hence the developers can write more code which is less vulnerable. This way they have more secure and quality product delivered. To conduct static analysis, the author(s) has used SonarQube as a tool, which compile and measure the code quality for the code kept in repositories. As Devops/DevSecOps standards, SonarQube is used to create different pipelines which normally increases the build pipeline execution time. In the proposed solution, the author(s) tried to reduce build pipeline execution time by conducting static analysis early Devops phases. Proposed solution uses GitHub open-source project written in C Sharp.Net language, Azure Devops, dotnet sonar scanner tool and SonarQube to conduct static analysis and testing. The authors(s) tried to enhance the software quality in early Devops phases which will be helpful in reducing the build time and cost. Proposed framework will be helpful in increasing reliability, efficiency, and performance of software project.

Publisher

Research Square Platform LLC

Reference33 articles.

1. Modelling and measuring attributes influencing DevOps implementation in an enterprise using structural equation modelling”, Information and Software Technology;Viral Gupta, Kapoor PK,2017

2. Kumar Deepak, “On the Development of Feature-Based Sprint in AGILE”, Advances in Intelligent Systems and Computing, Volume 904;Sharma Sarika,2019

3. Requirement Barriers to Implement the Software Projects in Agile Development;Kumar Deepak D,2022

4. Predicting suitable agile method using fuzzy AHP”;Rajbala Singh, Kumar Deepak;Recent Advances in Computer Science and Communications,2021

5. Exploring Story Cards for Evaluating Requirement Understanding in Agile Software Development”;Sharma Sarika KD;Journal of Information Technology Management