DevSecOps: A Multivocal Literature Review

• Published in: Software Process Improvement and Capability Determination Vol. 770; pp. 17 - 29
• Main Authors: Myrbakken, Håvard, Colomo-Palacios, Ricardo
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2017; Springer International Publishing
• Series: Communications in Computer and Information Science
• Subjects: DevOps; DevSecOps; Multivocal literature review; Security
• ISBN: 9783319673820; 3319673823
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-3-319-67383-7_2

Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with DevOps’ agility and speed. DevSecOps is the movement that works on developing and integrating modernized security methods that can keep up with DevOps. This study is meant to give an overview of what DevSecOps is, what implementing DevSecOps means, the benefits gained from DevSecOps and the challenges an organization faces when doing so. To that end, we conducted a multivocal literature review, where we reviewed a selection of grey literature. We found that implementing security that can keep up with DevOps is a challenge, but it can gain great benefits if done correctly.