fullrecord |
[{"key": "dc.contributor.advisor", "value": "Mikkonen, Tommi", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Laitinen, Aatu Kalevi", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-06-14T05:56:07Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-06-14T05:56:07Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/95861", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "With the ever increasing need for modern software development companies to be able to continuously release new code and the increased emphasis on the security of the software, the practice of shifting security processes to the earlier stages of the development has become coveted. However creating a DevSecOps environment where the responsibility of the security processes is shifted to the developers without hindering their ability to efficiently produce software is challenging.\n\nThis work conducts a multivocal narrative literature review to research both academic and grey literature for what type of challenges the shift-left security introduces for the development speed. The review also identifies various solutions that can be utilized to mitigate the hindrance on the development efficiency. One of these solutions is the use of dependency management bots to automatically create fixes for vulnerabilities in projects' dependencies. 
This solution is studied further by implementing it in a real-world company environment in the form of a case study.\n\nAs a part of the case study, a guideline was created for how GitHub's Dependabot can be used to speed up the dependency vulnerability fixing process. The case study used a Likert-scale questionnaire to gather insight and prejudice on the presented usage of Dependabot. The results indicated that there is a gain in terms of increasing the speed of the vulnerability fixing process as well as increasing the overall security of the projects. The identified barriers to the implementation were also deemed in the results not to be restricting factors for the adoption of Dependabot's security updates. The small sample size of the study and the limited view of only a single company mean that the results cannot be used to reflect the global view on the matter, but the study's results can still be utilized as an entry point for Dependabot's security update adoption.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Nykyp\u00e4iv\u00e4n ohjelmistokehitysyritysten kasvava tarve kyet\u00e4 jatkuvasti julkaisemaan uutta koodia sek\u00e4 ohjelmistojen turvallisuuden entist\u00e4 suurempi korostuminen on johtanut siihen, ett\u00e4 tietoturvaprosessien siirt\u00e4misest\u00e4 kehityksen aikaisempiin vaiheisiin on tullut oleellisempaa n\u00e4ille yrityksille. 
DevSecOps-ymp\u00e4rist\u00f6n luominen, jossa tietoturvaprosessien vastuu on siirretty kehitt\u00e4jille siten, ettei heid\u00e4n kykyns\u00e4 tuottaa tehokkaasti uutta koodia heikentyisi, on kuitenkin haastavaa.\n\nT\u00e4ss\u00e4 ty\u00f6ss\u00e4 toteutetaan moni\u00e4\u00e4ninen narratiivinen kirjallisuuskatsaus, jonka avulla etsit\u00e4\u00e4n vastauksia sek\u00e4 akateemisesta ett\u00e4 harmaasta kirjallisuudesta sille, millaisia haasteita tietoturvan siirt\u00e4minen vasemmalle aiheuttaa ohjelmistokehitysnopeudelle. Kirjallisuuskatsauksessa tunnistetaan my\u00f6s erilaisia ratkaisuja, joilla voidaan lievent\u00e4\u00e4 t\u00e4t\u00e4 kehityksen tehokkuuden heikentymist\u00e4. Yksi n\u00e4ist\u00e4 ratkaisuista on riippuvuuksien hallintaan kehitetyt botit, joiden avulla voidaan automaattisesti p\u00e4ivitt\u00e4\u00e4 projektien haavoittuvuuneet riippuvuudet. T\u00e4t\u00e4 ratkaisua tutkitaan my\u00f6s tarkemmin toteuttamalla se tosiel\u00e4m\u00e4n yritysymp\u00e4rist\u00f6ss\u00e4 tapaustutkimuksen muodossa.\n \nOsana tapaustutkimusta luotiin ohje siit\u00e4, miten GitHubin Dependabottia voidaan k\u00e4ytt\u00e4\u00e4 nopeuttamaan projektien riippuvuuksien haavoittuvuuksien korjausprosessia. T\u00e4ss\u00e4 tapaustutkimuksessa k\u00e4ytettiin Likert-asteikko-pohjaista kysely\u00e4 n\u00e4kemyksien ja ennakkoluulojen ker\u00e4\u00e4miseen esitetyn Dependabotin k\u00e4yt\u00f6n suhteen. Tulokset osoittivat, ett\u00e4 haavoittuvuuksien korjausprosessin nopeutta ja projektien yleist\u00e4 turvallisuutta on mahdollista parantaa toteutuksen avulla. My\u00f6s tunnistetut esteet Dependabotin tietoturvap\u00e4ivitysten k\u00e4ytt\u00f6\u00f6notolle eiv\u00e4t tulosten perusteella olleet t\u00e4t\u00e4 rajoittavia tekij\u00f6it\u00e4. 
Tutkimuksen pieni otoskoko ja rajoittuminen vain yhteen yritykseen tarkoittaa, ett\u00e4 tuloksia ei voida pit\u00e4\u00e4 yleisp\u00e4tevin\u00e4, mutta tutkimuksen tuloksia voidaan silti k\u00e4ytt\u00e4\u00e4 l\u00e4ht\u00f6kohtana Dependabotin tietoturvap\u00e4ivitysten k\u00e4ytt\u00f6\u00f6notolle.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-06-14T05:56:07Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-06-14T05:56:07Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "65", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "CC BY 4.0", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "Ensuring development efficiency with DevSecOps: A case study on streamlining dependency vulnerability management with Dependabot", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202406144627", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", 
"qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information and Software Engineering", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tieto- ja ohjelmistotekniikka", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://creativecommons.org/licenses/by/4.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|