TY - JOUR
T1 - Integrating scientific single-page applications with DevSecOps
AU - Drane, Lance
AU - McDonnell, Marshall
AU - Petras, Randall
AU - Stiner, Cody
AU - Ruckman, Arthur J.
AU - Wiggins, Gavin M.
AU - Cage, Gregory
AU - Smith, Robert
AU - Hitefield, Seth
AU - McGaha, Jesse
AU - Ayres, Andrew
AU - Brim, Mike
AU - Archibald, Richard
AU - Malviya-Thakur, Addi
N1 - Publisher Copyright:
© 2024
PY - 2025/5
Y1 - 2025/5
N2 - In the rapidly evolving field of frontend development, Single-Page Applications (SPAs) stand out for their ability to create dynamic and interactive web applications, particularly valuable in scientific software for their real-time data integration and complex workflow management. However, the process of creating a single-page web application development environment that accurately reflects the production environment isn't always straightforward. Most SPA build systems assume configuration at build time, while DevSecOps engineers prefer runtime configuration. This paper proposes a unique, framework-agnostic methodology designed to bridge this divide, facilitating the seamless integration of SPAs within the DevSecOps framework without necessitating expertise in both domains. Leveraging environmental variables, Docker, and a strategic approach to Content Security Policy (CSP), we provide a comprehensive guide for developing, deploying, and securing SPAs in a manner that is both efficient and secure. Applying this method to the INTERSECT and Smart Spectral Matching platforms, we demonstrate its effectiveness in enhancing both the development process and the user experience in scientific applications, thereby addressing the complex challenges faced by research software engineers in the current landscape.
AB - In the rapidly evolving field of frontend development, Single-Page Applications (SPAs) stand out for their ability to create dynamic and interactive web applications, particularly valuable in scientific software for their real-time data integration and complex workflow management. However, the process of creating a single-page web application development environment that accurately reflects the production environment isn't always straightforward. Most SPA build systems assume configuration at build time, while DevSecOps engineers prefer runtime configuration. This paper proposes a unique, framework-agnostic methodology designed to bridge this divide, facilitating the seamless integration of SPAs within the DevSecOps framework without necessitating expertise in both domains. Leveraging environmental variables, Docker, and a strategic approach to Content Security Policy (CSP), we provide a comprehensive guide for developing, deploying, and securing SPAs in a manner that is both efficient and secure. Applying this method to the INTERSECT and Smart Spectral Matching platforms, we demonstrate its effectiveness in enhancing both the development process and the user experience in scientific applications, thereby addressing the complex challenges faced by research software engineers in the current landscape.
KW - Content-Security-Policy
KW - DevSecOps
KW - Docker
KW - Frontend
KW - Security
KW - Single-page application
UR - http://www.scopus.com/inward/record.url?scp=85214339730&partnerID=8YFLogxK
U2 - 10.1016/j.future.2024.107695
DO - 10.1016/j.future.2024.107695
M3 - Article
AN - SCOPUS:85214339730
SN - 0167-739X
VL - 166
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
M1 - 107695
ER -