Ensuring component dependencies and facilitating documentation by applying Open Policy Agent in a DevSecOps cloud environment

Collection: Perustieteiden korkeakoulu (School of Science) | Master's thesis
Date: 2022-10-17
Major/Subject: Security and Cloud Computing
Mcode: SCI3113
Degree programme: Master's Programme in Security and Cloud Computing (SECCLO)
Language: en
Pages: 55

Abstract
In a DevOps environment, developers benefit from fast iteration of the development lifecycle. DevSecOps extends DevOps by integrating security compliance into that lifecycle: in each development iteration the security constraints are checked, so that no vulnerabilities are introduced into the system. Open Policy Agent (OPA) is an open-source policy engine that declaratively enforces policies and can apply them across a distributed environment. In DevSecOps, OPA can enforce policies on configuration files to improve security compliance and adherence to best practices. However, integrating OPA into an existing workflow is not trivial. This thesis introduces a software engineering model called the Policy Champion Model, which supports DevSecOps and shows how to manage policies properly and integrate OPA into a workflow. In addition, the thesis develops a tool called Wand to remove the tedious manual effort of modifying configuration files after policy enforcement, so that fixing or supplementing configuration files can be automated. Moreover, the defined policies can be regarded as grey documentation: they supplement traditional documentation for a newly joined developer and help in understanding the policies, security compliance, best practices and other technical knowledge. The thesis demonstrates two typical scenarios for applying DevSecOps in a cloud environment: observability and security. The evaluation shows the use of Wand and its practicality, and shows that the Policy Champion Model with Wand is suitable for an agile team applying DevSecOps. Additionally, policies are grey documentation that is responsive and interactive.
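The abstract describes OPA enforcing declarative policies on configuration files, with the policies doubling as "grey documentation" for the security and observability scenarios. The Rego policy below is an added example of that idea, not the thesis's own policy set and not the Wand tool: the package name, the rule messages, the label and annotation keys, and the two sample Deployment objects used in the tests are all assumptions chosen for illustration. Each deny message states the fix it expects, which is what makes the policy readable as documentation by a newly joined developer.

```rego
# Added example (not the thesis's own policy). Assumed package name,
# label/annotation keys and sample inputs; the Kubernetes Deployment
# shape is real, everything else is constructed for illustration.
package deployment.policy

import rego.v1

# --- Security scenario ---------------------------------------------------

# Every container must declare that it does not run as root.
deny contains msg if {
	some c in input.spec.template.spec.containers
	not c.securityContext.runAsNonRoot
	msg := sprintf("container %q must set securityContext.runAsNonRoot: true", [c.name])
}

# Privilege escalation must be explicitly disabled; an absent
# securityContext counts as a violation, not as "unknown".
deny contains msg if {
	some c in input.spec.template.spec.containers
	not c.securityContext.allowPrivilegeEscalation == false
	msg := sprintf("container %q must set securityContext.allowPrivilegeEscalation: false", [c.name])
}

# --- Observability scenario ----------------------------------------------

# The pod template must opt in to metrics scraping (assumed annotation key).
deny contains msg if {
	not input.spec.template.metadata.annotations["prometheus.io/scrape"] == "true"
	msg := "pod template must carry the annotation prometheus.io/scrape: \"true\""
}

# Every deployment must name an owning team, used for alert routing (assumed label key).
deny contains msg if {
	not input.metadata.labels.team
	msg := "deployment must carry a 'team' label naming the owning team"
}

# Single boolean a CI gate can evaluate: `opa eval -i deploy.json -d policy.rego data.deployment.policy.allow`
default allow := false

allow if count(deny) == 0

# --- Unit tests (run with `opa test policy.rego`) ------------------------

# Constructed sample input: a Deployment missing every required setting.
noncompliant := {
	"kind": "Deployment",
	"metadata": {"name": "api", "labels": {}},
	"spec": {"template": {
		"metadata": {},
		"spec": {"containers": [{"name": "api", "image": "example/api:1.0"}]}
	}}
}

# Constructed sample input: the same Deployment after the four fixes.
compliant := {
	"kind": "Deployment",
	"metadata": {"name": "api", "labels": {"team": "payments"}},
	"spec": {"template": {
		"metadata": {"annotations": {"prometheus.io/scrape": "true"}},
		"spec": {"containers": [{
			"name": "api",
			"image": "example/api:1.0",
			"securityContext": {"runAsNonRoot": true, "allowPrivilegeEscalation": false}
		}]}
	}}
}

test_noncompliant_is_denied if {
	count(deny) == 4 with input as noncompliant
	not allow with input as noncompliant
}

test_compliant_is_allowed if {
	count(deny) == 0 with input as compliant
	allow with input as compliant
}
```

The `allow` rule is what a pipeline step gates on; the `deny` set is what a developer (or a remediation tool) reads. Keeping the expected fix inside each message, rather than only in a wiki, is the concrete sense in which a policy file can serve as documentation that stays in step with what is actually enforced.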
Supervisor: Fagerholm, Fabian
Thesis advisor: Fagerholm, Fabian
Keywords: policy champion model, wand, OPA, DevSecOps, DevOps