Fontes, Ramon dos Reis
Pinto, Marcelo Martins
2025-06-06
2025-06-06
2025-02-25
PINTO, Marcelo Martins. AppSeg: um sistema para apoio à adoção de DevSecOps. Advisor: Dr. Ramon do Reis Fontes. 2025. 129f. Dissertation (Professional Master's in Information Technology) - Instituto Metrópole Digital, Universidade Federal do Rio Grande do Norte, Natal, 2025.
https://repositorio.ufrn.br/handle/123456789/63867

The Brazilian Judiciary, comprised of ninety-four Courts (source: CNJ, 12/01/2023) and their respective Information and Communication Technology departments, faces the crucial challenge of unifying its judicial systems. Despite the efforts of the National Council of Justice (CNJ), there is still a qualifiable disparity between administrative and support systems, manifested in the lack of specific regulations for their development. This diversity of solutions, combined with different personnel structures, technical capabilities and infrastructures, makes it difficult to control the applications in use, to meet deadlines for development, distribution and implementation and, especially, to ensure software security with regard to vulnerability analysis. To address these challenges, the proposal is to implement software that supports IT areas in adopting the DevSecOps methodology, integrating development, security and operations. This approach aims to break down the information islands that result from a lack of sharing, distribute responsibilities and knowledge more efficiently, increase transparency in the IT area, improve quality and reduce development time, in addition to optimizing software maintenance throughout its life cycle. The development of the solution was based on a literature review to identify best practices, such as including security analysis from the initial phases of the development life cycle, and tools, such as Burp Suite, for security verification.
The proposed solution is software that supports IT areas in controlling the applications in use, their configurations and dependencies, in automating infrastructure provisioning and software version releases and, especially, in identifying vulnerabilities through various types of analysis, such as SAST, DAST and SCA. The main contributions of this research support the adoption of the DevSecOps culture and systems security in the Regional Labor Court of the 21st Region, proposing an innovative solution that enables centralized access to information about applications, their dependencies and the results of vulnerability analyses, and that can be replicated in other public bodies, whether they are part of the Judiciary or not.

pt-BR
Open Access
Keywords: DevSecOps; Security; Vulnerability; Integration
Development of a System to Support the Adoption of DevSecOps
AppSeg: a system to support the adoption of DevSecOps
masterThesis
ENGINEERING