Continuous Security Analysis for DevSecOps
Project
Continuous Security Analysis for DevSecOps
Principal Investigator
Oracle Principal Investigator
Francois Gauthier, Consulting Researcher
Mahinthan Chandramohan, Principal Researcher
Padmanabhan Krishnan, Research Director
Summary
The aim of this project is to invent a novel approach to continuous security analysis for the rapid releases in DevOps, and thereby make the DevSecOps paradigm adoptable in practice. To this end, we will:
- Devise continuous security impact analysis for various kinds of changes to the system, including changes to code, API, and infrastructure;
- Invent directed SAST and DAST techniques targeting evolving software, which leverage the security impact analysis on the changes and their security implications to the system;
- Develop proof-of-concept tool support and apply it to several representative DevSecOps scenarios, with a goal of facilitating Oracle’s DevSecOps initiatives.