
Secure coding tools for DevSecOps

Everyone who has ever written code knows that it’s nearly impossible to develop software without making mistakes. Some software bugs are harmless and affect the application’s functionality only slightly. However, other mistakes can lead to severe consequences, such as data loss or software being compromised. Due to constraints in time and knowledge, developers often cannot detect and fix all critical vulnerabilities. To support software engineers in writing and deploying robust software systems, many secure coding approaches have been developed over the past years. All of these can be integrated into a CI/CD pipeline to automatically audit code when developers push their changes. This process is also a core aspect of the DevSecOps philosophy.

Background

… explained by Prof. Dr. Viet Nguyeng, colleague at TH Köln, who has considerable experience in DevSecOps and will supervise this topic.

Objective(s)

The objective of this topic is to study secure coding tools as offered in GitLab, such as dynamic application security testing (DAST), static application security testing (SAST), software composition analysis (SCA), fuzzing, or container scanning.

Research Question(s)

Research questions for this topic might include:

  • What security tools for secure coding/DevSecOps exist in general?
  • What security tools are available in GitLab to support developers in implementing and deploying secure software?
  • How can these tools be integrated into a CI/CD pipeline?
  • To what extent do these tools help developers detect and fix vulnerabilities?
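As an added illustration of the third research question (it is not part of the original topic description): a `.gitlab-ci.yml` that wires GitLab's shipped scanner templates into one pipeline. The `DAST_WEBSITE` host, the `make fuzz` step and the `parser_fuzz` binary are assumptions for the example.

```yaml
# Added example (not from the topic page): a .gitlab-ci.yml that integrates
# GitLab's shipped scanner templates. Every included template defines its own
# job and publishes a report that GitLab shows on the merge request.
stages:
  - build
  - test   # SAST, secret detection, dependency scanning, container scanning run here
  - fuzz
  - dast

include:
  - template: Security/SAST.gitlab-ci.yml                 # static analysis of the source
  - template: Security/Secret-Detection.gitlab-ci.yml     # credentials committed to git
  - template: Security/Dependency-Scanning.gitlab-ci.yml  # SCA: vulnerable third-party libraries
  - template: Security/Container-Scanning.gitlab-ci.yml   # OS packages in the built image
  - template: Coverage-Fuzzing.gitlab-ci.yml              # coverage-guided fuzzing (.fuzz_base)
  - template: Security/DAST.gitlab-ci.yml                 # black-box scan of a running instance

variables:
  # Container scanning reads CS_IMAGE; the build job below pushes exactly this tag.
  CS_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  # Assumed: the project's own staging deployment (placeholder host).
  DAST_WEBSITE: https://staging.example.invalid

build_image:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CS_IMAGE" .
    - docker push "$CS_IMAGE"

# Hypothetical fuzz target: assumes the repository's build produces a libFuzzer
# binary at build/parser_fuzz via `make fuzz`. .fuzz_base (from the template)
# downloads the gitlab-cov-fuzz runner in its before_script, so it is not overridden here.
parser_fuzz:
  extends: .fuzz_base
  script:
    - make fuzz
    - ./gitlab-cov-fuzz run --regression=$REGRESSION -- ./build/parser_fuzz
```

SAST and secret detection run in every GitLab tier; dependency scanning, container scanning, coverage fuzzing and DAST require GitLab Ultimate, which is worth checking against the institution's licence before planning the evaluation.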

Sources