DevOps is a common software development model in recent years. The spirit of DevOps is to integrate development and operation (DevOps). However, with the rise of security information security risks, the security requirements for software development quality are stricter. How to integrate the security into the software development culture is a challenge for DevOps development process. By adding security into the CI (Continuous Integration) /CD (Continuous Deployment) pipeline, the developers can identify the problems more efficiently, and improve the quality of software products. 

III DevOps tool solution based on open source software is developed by Institute for Information Industry to integrate information security into the DevOps process. The tool also applies the open source software license terms.  

The purpose is to integrate information security testing tools into the CI/CD development process. During the software development process, after the developer uploads the source code, the testing can be initiated automatically after the developer uploads the source code, including information security testing such as Source Code Analysis and Vulnerability Assessment  

The testing result can be generated automatically to the platform, and this will allow users to quickly find out the quality and current software development status. 

And it can automatically return the test results to the platform, allowing users to quickly understand the quality and status of the current software development, so that developers can view related problems at the early stage of the software, avoiding past testing modes, which are only found in the final testing stage of the product Problems, but thought it was too late, or it took a lot of material and manpower to improve the problem.

Function and features: 

1. Include both software engineering, and CI/CD project management requirements: integrate Gitlab, jenkins, Rancher, Redmine, Postman... and many open source solutions.

2. The platform provides multi-role functions: there are three main roles, including system administrators, project managers, and developers. And the platform provides management interfaces and tools to each role.

3. Switch between the open source tools and III DevOps user interface: users can use the interface provided by the III DevOps platform or open source tools such as Gitlab, Redmine, etc.

4. Containerization: system components and systems are deployed on Kubernetes, which can support Horizontal Pod Autoscaler (HPA).

5. Support multi-environment deployment: provide optional fast deployment services for different development languages, frameworks, and execution environments.

6. Flexible value-added service: The platform provides a system interface with external tools, such as information security inspection tools (Checkmarx, CxSAST, Fortify, WebInspect, SonarQube…etc.). 

7. Strengthen DevOps automation: According to the flexible value-added services, the test results can be converted into issue to developers automatically in continuous DevOps cycle.

In Cybersec 2021, the integrated III-DevOps tools, fault tolerance techniques, and multi-cloud management technology will be exhibited at booth S10 by Institute for Information Industry. 

For more information please visit www.iiidevops.org