Automation in the software delivery process is considered best practice in secure Software development life cycle(SDLC) and DevOps Deployment of software occurs multiple times in a week, day or within a span of few minutes. Manual deployment of the code and database which comprises the desired software is not only tedious but also prone to errors. The Continuous Integration and Continuous Deployment (CI/CD) pipeline ensure that the software delivery is done in an efficient and reliable way so that the software is available for use at any instant of time. In this paper, we discuss a basic approach towards the development of a customized CI/CD pipeline with static analysis tool (SAT) integration providing greater reliability to our architecture. SAT is one of the major components of SDLC which checks the codebase for static errors that helps in identifying potential bugs and vulnerabilities. This approach is vital for smaller teams in industries having less bandwidth or in long-term academic projects. We discuss the development of a customized CI/CD pipeline in detail. Finally, a ReactJS based GUI is designed to obtain the pipeline status and SAT results.
Validation Test Codes Development of Static Analysis Tool for Secure Software
