Sok: Zero Trust as a Strategy to Address Devsecops Challenges

Anita Nair; SERENA NICOLAZZO; Antonino Nocera; K. A. Rafidha Rehiman; P. Vinod

doi:10.1109/eurospw67616.2025.00069

Sok: Zero Trust as a Strategy to Address Devsecops Challenges

Anita Nair
, SERENA NICOLAZZO
, Antonino Nocera
, K. A. Rafidha Rehiman
, P. Vinod

Department of Science and Technological Innovation

Research output: Contribution to conference › Paper › peer-review

Abstract

Over recent years, Development, Security, and Operations (DevSecOps, hereafter) has evolved as a unique shift-left strategy that integrates security practices, early on in the Development and Operations (DevOps, for short) software development methodology. However, DevSecOps is not devoid of challenges. Insecure tools and insider attacks are some of the threats that can escape the security controls enforced in DevSecOps pipelines. In this paper, we analyze the possibility of embedding Zero Trust into the organization's developer workflow as a strategy to further secure DevSecOps by removing the implicit trust among the various components of the pipelines. Based on a systematic review of the present literature and for each phase of the DevSecOps life cycle, we evaluated the possible integration of current ZTA approaches.

Original language	English
Pages	546-554
Number of pages	9
DOIs	https://doi.org/10.1109/eurospw67616.2025.00069
Publication status	Published - 2025
Event	10th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2025 - Ca'Foscari University, ita Duration: 1 Jan 2025 → …

Conference

Conference	10th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2025
City	Ca'Foscari University, ita
Period	1/01/25 → …

Keywords

CI/CD Pipeline security
DevSecOps
Zero Trust Architecture
ZTA

Access to Document

10.1109/eurospw67616.2025.00069

https://hdl.handle.net/11579/226645

Cite this

@conference{67226b8f14154533ba76fc73b223d5f7,

title = "Sok: Zero Trust as a Strategy to Address Devsecops Challenges",

abstract = "Over recent years, Development, Security, and Operations (DevSecOps, hereafter) has evolved as a unique shift-left strategy that integrates security practices, early on in the Development and Operations (DevOps, for short) software development methodology. However, DevSecOps is not devoid of challenges. Insecure tools and insider attacks are some of the threats that can escape the security controls enforced in DevSecOps pipelines. In this paper, we analyze the possibility of embedding Zero Trust into the organization's developer workflow as a strategy to further secure DevSecOps by removing the implicit trust among the various components of the pipelines. Based on a systematic review of the present literature and for each phase of the DevSecOps life cycle, we evaluated the possible integration of current ZTA approaches.",

keywords = "CI/CD Pipeline security, DevSecOps, Zero Trust Architecture, ZTA, CI/CD Pipeline security, DevSecOps, Zero Trust Architecture, ZTA",

author = "Anita Nair and SERENA NICOLAZZO and Antonino Nocera and \{Rafidha Rehiman\}, \{K. A.\} and P. Vinod",

year = "2025",

doi = "10.1109/eurospw67616.2025.00069",

language = "English",

pages = "546--554",

note = "10th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2025 ; Conference date: 01-01-2025",

}

TY - CONF

T1 - Sok: Zero Trust as a Strategy to Address Devsecops Challenges

AU - Nair, Anita

AU - NICOLAZZO, SERENA

AU - Nocera, Antonino

AU - Rafidha Rehiman, K. A.

AU - Vinod, P.

PY - 2025

Y1 - 2025

N2 - Over recent years, Development, Security, and Operations (DevSecOps, hereafter) has evolved as a unique shift-left strategy that integrates security practices, early on in the Development and Operations (DevOps, for short) software development methodology. However, DevSecOps is not devoid of challenges. Insecure tools and insider attacks are some of the threats that can escape the security controls enforced in DevSecOps pipelines. In this paper, we analyze the possibility of embedding Zero Trust into the organization's developer workflow as a strategy to further secure DevSecOps by removing the implicit trust among the various components of the pipelines. Based on a systematic review of the present literature and for each phase of the DevSecOps life cycle, we evaluated the possible integration of current ZTA approaches.

AB - Over recent years, Development, Security, and Operations (DevSecOps, hereafter) has evolved as a unique shift-left strategy that integrates security practices, early on in the Development and Operations (DevOps, for short) software development methodology. However, DevSecOps is not devoid of challenges. Insecure tools and insider attacks are some of the threats that can escape the security controls enforced in DevSecOps pipelines. In this paper, we analyze the possibility of embedding Zero Trust into the organization's developer workflow as a strategy to further secure DevSecOps by removing the implicit trust among the various components of the pipelines. Based on a systematic review of the present literature and for each phase of the DevSecOps life cycle, we evaluated the possible integration of current ZTA approaches.

KW - CI/CD Pipeline security

KW - DevSecOps

KW - Zero Trust Architecture

KW - ZTA

KW - CI/CD Pipeline security

KW - DevSecOps

KW - Zero Trust Architecture

KW - ZTA

UR - https://iris.uniupo.it/handle/11579/226645

U2 - 10.1109/eurospw67616.2025.00069

DO - 10.1109/eurospw67616.2025.00069

M3 - Paper

SP - 546

EP - 554

T2 - 10th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2025

Y2 - 1 January 2025

ER -

Sok: Zero Trust as a Strategy to Address Devsecops Challenges

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this