Development of a System to Support the Adoption of DevSecOps
DevSecOps, Security, Vulnerability
The Brazilian Judiciary, made up of ninety-four Courts and their respective Information and
Communication Technology departments, faces the crucial challenge of unifying its judicial
systems. Despite the efforts of the National Justice Council (CNJ), a significant disparity
between administrative and support systems still persists. This diversity of solutions,
combined with different personnel structures, technical capabilities and infrastructures,
makes it difficult to control the applications in use, meet deadlines and, especially, ensure software
security. To address these challenges, it is proposed to implement software that supports
IT areas in adopting the DevSecOps methodology, integrating development, security and
operations. This approach aims to break down knowledge silos, distribute responsibilities
and information more efficiently, increase transparency in the IT area, improve quality
and reduce development time, in addition to optimizing software maintenance throughout
its life cycle. The development of the solution was based on a literature review to identify
best practices and tools for vulnerability analysis, elicitation of minimum functional and
non-functional requirements, choice of appropriate technology for programming language,
development tools and database. Use cases and tools for proof of concept were defined,
focused on application security assessments, using calls to the application programming
interface (API) and presenting results through a web interface. Key benefits identified
include centralized visualization of information about applications and their dependencies,
effective vulnerability analysis, flexible integration of security tools, and expanded visibility
into application security for the entire IT team.