A quantitative DevSecOps assessment framework for cloud-based web microservices

Zhang, Jin Yu

08 January 2024

In the dynamic domain of Development, Security, and Operations (DevSecOps), a quantitative approach is critical, with the usage of metrics being a key method to realize this goal. However, there is a notable absence of a set of metrics and assessment specifically for Cloud-Based Web Microservices (CBWMs) within a DevSecOps framework. This study seeks to fill this void by developing a quantitative assessment framework designed for CBWMs in the context of DevSecOps. Utilizing a Multi-Vocal Literature Review (MLR) methodology, we gathered and analyzed 92 documents from 2018 to 2023, sourced from IEEE Xplore, Springer, and Google, to select twelve effective metrics for CBWM assessment within DevSecOps. These metrics, categorized by scale and interrelationships, were chosen due to the tools available in the market for obtaining them, their general applicability across various CBWMs, and their clearly defined measurements and criteria. Each metric is supported by academic and industry literature, providing a comprehensive basis for their selection. Leveraging the Constructive Cost Model (COCOMO) II and the stages of Development and Operations (DevOps) – Plan, Code, Build, Test, Release, Deploy, Operate, and Monitor – our framework outlines an assessment flow that segments into three phases - Development, Integration, and Post-Deployment, aligning with the iterative Software Development Life Cycle (SDLC). This structure facilitates continuous improvement of CBWMs within a DevSecOps framework using these carefully selected metrics. / 2025-01-08T00:00:00Z

Computer science

Metrics

Multi-vocal literature review

Security