Perancangan dan Implementasi Infrastruktur CI/CD DevSecOps pada Lingkungan On-Premise untuk Proyek Pengembangan Perangkat Lunak Berbasis Tim

Al Hafidz, Muhammad Zufar (2026) Perancangan dan Implementasi Infrastruktur CI/CD DevSecOps pada Lingkungan On-Premise untuk Proyek Pengembangan Perangkat Lunak Berbasis Tim. Project Report. [s.n.]. (Unpublished)

[thumbnail of 5025231022-Project_Report.pdf] Text
5025231022-Project_Report.pdf - Accepted Version
Restricted to Repository staff only

Download (1MB) | Request a copy

Abstract

Laboratorium Manajemen Cerdas Informasi (MCI) merupakan salah satu laboratorium di Departemen Teknik Informatika, Institut Teknologi Sepuluh Nopember yang aktif mengerjakan berbagai proyek pengembangan perangkat lunak berbasis tim. Dalam pelaksanaannya, proses pengembangan perangkat lunak memerlukan dukungan infrastruktur yang mampu menjamin kualitas kode, keamanan aplikasi, serta kecepatan dan konsistensi proses deployment. Produk yang kami kerjakan saat melakukan Kerja Praktik adalah infrastruktur CI/CD (Continuous Integration/Continuous Deployment) dengan pendekatan DevSecOps yang diimplementasikan pada lingkungan on-premise milik laboratorium. Pengguna utama dari infrastruktur yang kami kembangkan adalah tim developer internal Lab MCI yang membutuhkan pipeline otomatis untuk membangun, menguji, memindai, dan mendistribusikan perangkat lunak secara aman dan efisien. Infrastruktur dibangun dengan mengintegrasikan beberapa perangkat lunak utama, yaitu Gitlab CI sebagai orkestrator pipeline, TruffleHog untuk pemindaian secret, Semgrep sebagai alat Static Application Security Testing (SAST), Trivy untuk pemindaian filesystem dan container image, serta SonarQube untuk analisis kualitas kode. Kami diminta untuk merancang dan mengimplementasikan infrastruktur yang mampu mengintegrasikan aspek keamanan ke dalam setiap tahap software development lifecycle dengan kendala seminimal mungkin bagi tim pengembang. Pendekatan shift-left security diterapkan melalui kombinasi secret scanning, Static Application Security Testing (SAST), dan container/dependency scanning yang dilakukan secara otomatis pada setiap perubahan kode. Hasil evaluasi operasional menunjukkan bahwa infrastruktur terbukti handal dengan rata-rata waktu penyelesaian pipeline selama 5 menit 3 detik. Selain itu, integrasi instrumen keamanan terbukti presisi dalam mendeteksi celah keamanan pada tahap pre-deployment dengan mendeteksi 5 kerentanan dependensi pihak ketiga, sehingga kualitas perangkat lunak lebih terjamin sebelum didistribusikan ke lingkungan produksi.
=================================================================================================================================
The Intelligent Information Management (MCI) Laboratory is one of the laboratories in the Department of Informatics Engineering, Institut Teknologi Sepuluh Nopember, that actively works on various team-based software development projects. In its implementation, the software development process requires infrastructure support capable of ensuring code quality, application security, as well as the speed and consistency of the deployment process. The product we worked on during our Practical Work is a CI/CD (Continuous Integration/Continuous Deployment) infrastructure with a DevSecOps approach implemented in the laboratory's on-premise environment. The primary users of the infrastructure we developed are the internal developer teams of the MCI Lab who require an automated pipeline to build, test, scan, and distribute software securely and efficiently. The infrastructure was built by integrating several main software tools, namely GitLab CI as the pipeline orchestrator, TruffleHog for secret scanning, Semgrep as a Static Application Security Testing (SAST) tool, Trivy for filesystem and container image scanning, and SonarQube for code quality analysis. We were tasked with designing and implementing an infrastructure capable of integrating security aspects into every stage of the software development lifecycle with minimal friction for the development team. A shift-left security approach was implemented through a combination of secret scanning, Static Application Security Testing (SAST), and container/dependency scanning, performed automatically upon every code change. The operational evaluation results showed that the infrastructure proved to be reliable, with an average pipeline completion time of 5 minutes and 3 seconds. Furthermore, the integration of security instruments proved to be precise in detecting security vulnerabilities during the pre-deployment stage by identifying 5 third-party dependency vulnerabilities, ensuring better software quality before distribution to the production environment.

Item Type: Monograph (Project Report)
Uncontrolled Keywords: CI/CD, DevSecOps, GitLab CI, On-Premise, SAST
Subjects: T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Muhammad Zufar Al Hafidz
Date Deposited: 10 Jul 2026 08:31
Last Modified: 10 Jul 2026 08:31
URI: http://repository.its.ac.id/id/eprint/134654

Actions (login required)

View Item View Item