%0 Journal Article
%T Sher: A Secure Broker for DevSecOps and CI/CD Workflows
%A Pranau Kumar
%A Vijay K. Madisetti
%J Journal of Software Engineering and Applications
%P 321-339
%@ 1945-3124
%D 2024
%I Scientific Research Publishing
%R 10.4236/jsea.2024.175018
%X GitHub Actions, a popular CI/CD platform, introduces significant security challenges due to its integration with GitHub’s open ecosystem and its use of flexible workflow configurations. This paper presents Sher, a Python-based tool that enhances the security of GitHub Actions by automating the detection and remediation of security issues in workflows. Self-Hosted Ephemeral Runner, or Sher, acts as a broker between GitHub’s APIs and a customizable, isolated environment, analyzing workflows through a static rules engine and automatically fixing identified issues. By providing a secure, ephemeral runner environment and a dynamic analysis tool, Sher addresses common misconfigurations and vulnerabilities, contributing to the resilience and integrity of DevSecOps practices within software development pipelines.
%K CI/CD Pipelines
%K GitHub
%K GitOps
%K DevSecOps
%K Isolation
%K Security
%K SAST
%U http://www.scirp.org/journal/PaperInformation.aspx?PaperID=133473
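As an added illustration of what a static rules engine over a GitHub Actions workflow file looks like, the Python below scans a workflow line by line for widely documented misconfigurations (actions not pinned to a commit SHA, no top-level `permissions:` block, a `pull_request_target` workflow that checks out the pull request head, and `${{ github.event.* }}` interpolated into a `run:` script) and applies one remediation. It is not Sher's code and not taken from the paper; the rule names, the constructed sample workflows, the placeholder commit SHA and the least-privilege fix are all assumptions made for the example.

```python
"""Toy static rules engine for GitHub Actions workflow files.

Added example, not Sher's code. It works on the raw YAML text so it needs no
third-party parser; a real engine would parse the YAML and walk the tree.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SHA40 = re.compile(r"^[0-9a-f]{40}$")                     # full commit SHA
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")          # `uses: owner/repo@ref`
RUN_BLOCK = re.compile(r"^(\s*)(-\s*)?run:\s*[|>]")        # multi-line `run: |`
RUN_INLINE = re.compile(r"^\s*(-\s*)?run:\s*(.*)$")        # single-line `run: ...`
RUN_EVENT = re.compile(r"\$\{\{\s*github\.event\.")       # untrusted event data in a script


@dataclass
class Finding:
    rule: str     # assumed rule identifier
    line: int     # 1-based line in the workflow text, 0 for whole-file findings
    detail: str


def analyze(workflow_text: str) -> list[Finding]:
    """Return findings for the workflow, whole-file rules first, then in line order."""
    lines = workflow_text.splitlines()
    findings: list[Finding] = []
    if not any(l.startswith("permissions:") for l in lines):
        findings.append(Finding("MISSING_PERMISSIONS", 0,
                                "no top-level permissions: block; GITHUB_TOKEN gets the repository default"))
    pr_target = any("pull_request_target" in l for l in lines if not l.lstrip().startswith("#"))
    run_indent = None  # indentation of an open `run: |` block, else None
    for n, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip(" "))
        if run_indent is not None:
            if line.strip() and indent <= run_indent:
                run_indent = None          # block scalar closed; process this line normally
            else:
                if RUN_EVENT.search(line):
                    findings.append(Finding("SCRIPT_INJECTION", n,
                                            "github.event data interpolated into a shell script"))
                continue
        m = USES.match(line)
        if m:
            target = m.group(1)
            if not target.startswith(("./", "docker://")):
                ref = target.rsplit("@", 1)[1] if "@" in target else ""
                if not SHA40.match(ref):
                    findings.append(Finding("UNPINNED_ACTION", n, f"{target} is not pinned to a commit SHA"))
            continue
        if pr_target and "github.event.pull_request.head" in line:
            findings.append(Finding("PR_TARGET_CHECKOUT", n,
                                    "pull_request_target workflow checks out the PR head with write-capable token"))
            continue
        m = RUN_BLOCK.match(line)
        if m:
            run_indent = len(m.group(1))
            continue
        m = RUN_INLINE.match(line)
        if m and RUN_EVENT.search(m.group(2)):
            findings.append(Finding("SCRIPT_INJECTION", n, "github.event data interpolated into a shell script"))
    return findings


def add_least_privilege_permissions(workflow_text: str) -> str:
    """Assumed remediation: insert a read-only top-level permissions block before `jobs:`."""
    lines = workflow_text.splitlines()
    if any(l.startswith("permissions:") for l in lines):
        return workflow_text
    out: list[str] = []
    for l in lines:
        if l.startswith("jobs:"):
            out += ["permissions:", "  contents: read"]
        out.append(l)
    return "\n".join(out) + "\n"


# Constructed sample workflow exhibiting every rule (the SHA is a placeholder).
SAMPLE = """name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - name: greet
        run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
"""

# Constructed clean workflow: pinned action, read-only token, event data passed via env.
CLEAN = """name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: echo "${TITLE}"
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.rule:<20} line {f.line:>2}: {f.detail}")
    print("after fix:", [f.rule for f in analyze(add_least_privilege_permissions(SAMPLE))])
```

The clean workflow shows the remediation a broker would steer authors toward: a commit-pinned action, a read-only `permissions` block, and event data passed through `env` so the shell never sees it as source.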