Feb, 2024
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
National Institute of Standards and Technology (U.S.)
Chandramouli, Ramaswamy; Kautz, Frederick; Torres-Arias, Santiago
From the document: "The predominant application architecture for cloud-native applications consists of multiple microservices, accompanied in some instances by a centralized application infrastructure, such as a service mesh, that provides all application services. This class of applications is generally developed using a flexible and agile software development paradigm called DevSecOps. A salient feature of this paradigm is the use of flow processes called continuous integration and continuous deployment (CI/CD) pipelines, which initially take the software through various stages (e.g., build, test, package, and deploy) in the form of source code through operations that constitute the software supply chain (SSC) in order to deliver a new version of software. This document outlines strategies for integrating SSC security measures into CI/CD pipelines."
    Details
  • Authors
    Chandramouli, Ramaswamy
    Kautz, Frederick
    Torres-Arias, Santiago
  • Publisher
    National Institute of Standards and Technology (U.S.)
  • Report Number
    NIST Special Publication 800, NIST SP 800-204D; National Institute of Standards and Technology Special Publication 800, National Institute of Standards and Technology SP 800-204D
  • Date
    Feb, 2024
  • Copyright
    Public Domain
  • Retrieved From
    National Institute of Standards and Technology: www.nist.gov/
  • Format
    pdf
  • Media Type
    application/pdf
  • Subjects
    Cloud computing
    Computer software--Development
