Continuous Integration (CI) and Free, Libre and Open Source Software (FLOSS) are both associated with agile software development. Paradoxically, FLOSS projects have difficulty using CI, and software forges still lack support for CI. Two factors hamper widespread use of CI in FLOSS development: the cost of the computational resources and the security risks of public CI services. Through a security analysis of public CI services, this paper identifies possible attack vectors. To eliminate one class of attack vectors, the paper describes a concept that encapsulates a part of the CI system via virtualization. The concept is implemented as a proof of concept.