Description
Software must adhere to relevant laws, regulations and applicable standards. The growing software industry demands an increase for software services, software providers face the challenge of managing software compliance. Traditionally, compliance checking was a manual process; however, this has evolved as a result of the implementation of new software development methodologies. In this thesis, an approach based on the DevSecOps methodology to automate software compliance in continuous integration and continuous development pipeline, by leveraging emerging technologies, such as smart contracts and large-language models is presented. Additionally, the processes and challenges involved in implementing software compliance within an organization for compliance automation and facilitate continuous audits are discussed. In this thesis, an illustrative example is presented to demonstrate the approach with a simulation of HIPAA compliance implementation. In this thesis, comparison between the proposed approach and existing centralized approaches for software compliance is present. A baseline comparison is made with existing approaches that address the same challenges and a comparison analysis is presented. The proposed approach accurately provides continuous insights on changing and complex compliance requirements by reducing errors associated with manual compliance, and addresses the challenges discussed in the thesis. This approach can significantly improve the state of automatic compliance by continuously investigating, identifying, reporting, and auditing compliance related issues in software development practices.
Details
Title
- Automated Software Compliance Using Smart Contracts and Large Language Models in Continuous Integration and Continuous Deployment with DevSecOps
Contributors
- Pandya, Krutik (Author)
- Yau, Stephen S (Thesis advisor)
- Ahn, Gail-Joon (Committee member)
- Zhao, Ming (Committee member)
- Wang, Ruoyu (Committee member)
- Arizona State University (Publisher)
Date Created
The date the item was original created (prior to any relationship with the ASU Digital Repositories.)
2024
Subjects
Resource Type
Collections this item is in
Note
- Partial requirement for: M.S., Arizona State University, 2024
- Field of study: Software Engineering