Ensuring component dependencies and facilitating documentation by applying Open Policy Agent in a DevSecOps cloud environment

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Fagerholm, Fabian
dc.contributor.author: Tan, Junsheng
dc.contributor.school: Perustieteiden korkeakoulu (School of Science) [fi]
dc.contributor.supervisor: Fagerholm, Fabian
dc.date.accessioned: 2022-10-23T17:05:16Z
dc.date.available: 2022-10-23T17:05:16Z
dc.date.issued: 2022-10-17
dc.description.abstract: In a DevOps environment, developers benefit from fast iteration of the development lifecycle. DevSecOps extends DevOps by integrating security compliance into that lifecycle: during each development iteration the defined security constraints are checked, so that changes which violate them are caught before they are introduced into the system. Open Policy Agent (OPA) is an open-source policy engine that evaluates declaratively written policies and can be deployed across a distributed environment. In DevSecOps, OPA can enforce policies on configuration files to improve security compliance and adherence to best practices. However, integrating OPA into an existing workflow is not trivial. This thesis introduces a software engineering model called the Policy Champion Model, which supports DevSecOps by describing how to manage policies and how to integrate OPA into a workflow. In addition, the thesis develops a tool called Wand to remove the tedious manual effort of modifying configuration files after policy enforcement, so that fixing or supplementing configuration files can be automated. Moreover, the defined policies can be regarded as grey documentation: they supplement traditional documentation for a newly joined developer and help convey the policies, security compliance requirements, best practices and other technical knowledge. The thesis demonstrates two typical scenarios for applying DevSecOps in a cloud environment, an observability scenario and a security scenario. The evaluation shows the usage and practicality of Wand and indicates that the Policy Champion Model with Wand is suitable for an agile team applying DevSecOps. Additionally, policies used as grey documentation are responsive and interactive. [en]
dc.format.extent: 55
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/117364
dc.identifier.urn: URN:NBN:fi:aalto-202210236150
dc.language.iso: en [en]
dc.programme: Master’s Programme in Security and Cloud Computing (SECCLO) [fi]
dc.programme.major: Security and Cloud Computing [fi]
dc.programme.mcode: SCI3113 [fi]
dc.subject.keyword: policy champion model [en]
dc.subject.keyword: wand [en]
dc.subject.keyword: OPA [en]
dc.subject.keyword: DevSecOps [en]
dc.subject.keyword: DevOps [en]
dc.title: Ensuring component dependencies and facilitating documentation by applying Open Policy Agent in a DevSecOps cloud environment [en]
dc.type: G2 Pro gradu, diplomityö (Master's thesis) [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö (Master's thesis) [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes
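The abstract describes OPA policies being enforced on configuration files in a security scenario and an observability scenario, with Wand fixing or supplementing the files after enforcement. The block below is an added illustration of that enforce-then-remediate loop; it is not code from the thesis, from Wand or from OPA. The checks are written in Python for self-containment rather than in OPA's Rego, the Kubernetes Deployment manifest is constructed here, and the policy identifiers, the specific rules (no privileged containers, runAsNonRoot, no mutable latest tag, a prometheus.io/scrape annotation) and their remediations are assumptions chosen to make the two scenarios concrete.

```python
"""Enforce-then-remediate loop over a Kubernetes manifest (added illustration).

The checks stand in for OPA/Rego policies; the manifest is a constructed sample.
"""
import copy
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample: one privileged container, one sidecar on a mutable tag,
# no metrics annotations. Names, images and namespace are illustrative only.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "demo"},
    "spec": {
        "template": {
            "metadata": {},
            "spec": {
                "containers": [
                    {"name": "web", "image": "example/web:1.0",
                     "securityContext": {"privileged": True}},
                    {"name": "sidecar", "image": "example/sidecar:latest"},
                ]
            },
        }
    },
}


@dataclass
class Policy:
    id: str
    rationale: str                                # the "grey documentation": why the rule exists
    check: Callable[[dict], List[str]]            # pure: returns violation messages, never mutates
    fix: Optional[Callable[[dict], None]] = None  # in-place remediation, only where deterministic


def _containers(doc: dict) -> List[dict]:
    return doc.get("spec", {}).get("template", {}).get("spec", {}).get("containers", [])


# --- security scenario (assumed rules) ---------------------------------------
def _no_privileged(doc: dict) -> List[str]:
    return [f"container '{c['name']}' is privileged" for c in _containers(doc)
            if c.get("securityContext", {}).get("privileged") is True]


def _fix_privileged(doc: dict) -> None:
    for c in _containers(doc):
        c.setdefault("securityContext", {})["privileged"] = False


def _run_as_non_root(doc: dict) -> List[str]:
    return [f"container '{c['name']}' does not set runAsNonRoot: true"
            for c in _containers(doc)
            if c.get("securityContext", {}).get("runAsNonRoot") is not True]


def _fix_run_as_non_root(doc: dict) -> None:
    for c in _containers(doc):
        c.setdefault("securityContext", {})["runAsNonRoot"] = True


def _no_latest_tag(doc: dict) -> List[str]:
    # No auto-fix: a tool cannot know which version the team intends to pin.
    return [f"container '{c['name']}' uses a mutable image tag: {c.get('image', '<missing>')}"
            for c in _containers(doc)
            if ":" not in c.get("image", "") or c["image"].endswith(":latest")]


# --- observability scenario (assumed rule) ----------------------------------
def _metrics_annotation(doc: dict) -> List[str]:
    ann = doc.get("spec", {}).get("template", {}).get("metadata", {}).get("annotations", {})
    if ann.get("prometheus.io/scrape") != "true":
        return ['pod template lacks annotation prometheus.io/scrape: "true"']
    return []


def _fix_metrics_annotation(doc: dict) -> None:
    md = doc["spec"]["template"].setdefault("metadata", {})
    md.setdefault("annotations", {})["prometheus.io/scrape"] = "true"


POLICIES = [
    Policy("sec-001", "Privileged containers can escape to the node.", _no_privileged, _fix_privileged),
    Policy("sec-002", "Root inside a container widens the blast radius of a compromise.",
           _run_as_non_root, _fix_run_as_non_root),
    Policy("sec-003", "Mutable tags make deployments unreproducible; pin a version.", _no_latest_tag),
    Policy("obs-001", "Every workload must be scrapeable by Prometheus.",
           _metrics_annotation, _fix_metrics_annotation),
]


def evaluate(doc: dict, policies=POLICIES) -> Dict[str, List[str]]:
    """Map each violated policy id to its messages; an empty dict means compliant."""
    violations: Dict[str, List[str]] = {}
    for p in policies:
        msgs = p.check(doc)
        if msgs:
            violations[p.id] = msgs
    return violations


def remediate(doc: dict, policies=POLICIES):
    """Apply every deterministic fix to a deep copy; return (fixed_doc, remaining_violations)."""
    fixed = copy.deepcopy(doc)
    for p in policies:
        if p.fix is not None and p.check(fixed):
            p.fix(fixed)
    return fixed, evaluate(fixed, policies)


if __name__ == "__main__":
    print("before:", json.dumps(evaluate(SAMPLE_DEPLOYMENT), indent=2))
    fixed_doc, left = remediate(SAMPLE_DEPLOYMENT)
    print("after :", json.dumps(left, indent=2))
    print("needs a human:", [p.rationale for p in POLICIES if p.id in left])
```

Each policy carries a rationale string, which is the sense in which a policy can double as grey documentation for a newly joined developer. Only policies with a deterministic fix carry a remediation; the mutable-tag violation is reported but left to a human, and a pipeline built this way should still fail on whatever `remediate` returns as unfixed rather than treating auto-remediation as a pass.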
Files (original bundle): master_Tan_Junsheng_2022.pdf, 2.11 MB, Adobe Portable Document Format (PDF)