Emerging from the agile culture, DevOps particularly emphasizes development and deployment speed to achieve rapid value delivery, which however brings some security risks to the software development process. DevSecOps is an extension of DevOps, which is considered as a means to intertwine development, operation and security. Based on the core idea of DevSecOps, DevOps+ Research Laboratory conduct a comprehensive survey to investigate the state-of-the-practice of DevSecOps. We devote ourselves to promote the adoption of DevSecOps from aspects of culture, technology and process.

List of Outcomes

Publications

戴启铭,毛润丰,黄璜,荣国平,沈海峰,邵栋. DevSecOps: DevOps下实现持续安全的实践探索.软件学报,2021,32(10):3014-3035

He Zhang, Runfeng Mao, Huang Huang, Qiming Dai, Xin Zhou, Haifeng Shen, and Guoping Rong. “Processes, challenges and recommendations of grey literature review: An experience report”, Information and Software Technology (2021): 106607.

Runfeng Mao, He Zhang, Qiming Dai, Huang Huang, Guoping Rong, Haifeng Shen, Lianping Chen, and Kaixiang Lu. “Preliminary findings about devsecops from grey literature”, In Proceedings of 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS), pp. 450-457, 2020.

Patents

戴启铭, 张贺, 毛润丰, 刘博涵, 周鑫, 荣国平, 邵栋. 一种面向代码安全的提交优先级排序方法和系统: 中国, CN202110564803.X.