Search results for 'DevSecOps':
Articles found: 2
  1. Editor’s note
    Computer Research and Modeling, 2024, v. 16, no. 7, pp. 1533-1538
  2. Sadovykh A., Ivanov V.
    Enhancing DevSecOps with continuous security requirements analysis and testing
    Computer Research and Modeling, 2024, v. 16, no. 7, pp. 1687-1702

    The fast-paced environment of DevSecOps requires integrating security at every stage of software development to ensure secure, compliant applications. Traditional methods of security testing, often performed late in the development cycle, are insufficient to address the unique challenges of continuous integration and continuous deployment (CI/CD) pipelines, particularly in complex, high-stakes sectors such as industrial automation. In this paper, we propose an approach that automates the analysis and testing of security requirements by embedding requirements verification into the CI/CD pipeline. Our method employs the ARQAN tool to map high-level security requirements to Security Technical Implementation Guides (STIGs) using semantic search, and RQCODE to formalize these requirements as code, providing testable and enforceable security guidelines. We implemented ARQAN and RQCODE within a CI/CD framework, integrating them with GitHub Actions for real-time security checks and automated compliance verification. Our approach supports established security standards like IEC 62443 and automates security assessment starting from the planning phase, enhancing the traceability and consistency of security practices throughout the pipeline. Evaluation of this approach in collaboration with an industrial automation company shows that it effectively covers critical security requirements, achieving automated compliance for 66.15% of STIG guidelines relevant to the Windows 10 platform. Feedback from industry practitioners further underscores its practicality, as 85% of security requirements mapped to concrete STIG recommendations, with 62% of these requirements having matching testable implementations in RQCODE. This evaluation highlights the approach's potential to shift security validation earlier in the development process, contributing to a more resilient and secure DevSecOps lifecycle.

Indexed in Scopus

Full-text version of the journal is also available on the web site of the scientific electronic library eLIBRARY.RU

The journal is included in the Russian Science Citation Index