Integrating scientific single-page applications with DevSecOps

IF 6.2 2区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS Future Generation Computer Systems-The International Journal of Escience Pub Date : 2025-05-01 Epub Date: 2024-12-31 DOI:10.1016/j.future.2024.107695

Lance Drane, Marshall McDonnell, Randall Petras, Cody Stiner, Arthur J. Ruckman, Gavin M. Wiggins, Gregory Cage, Robert Smith, Seth Hitefield, Jesse McGaha, Andrew Ayres, Mike Brim, Richard Archibald, Addi Malviya-Thakur

{"title":"Integrating scientific single-page applications with DevSecOps","authors":"Lance Drane, Marshall McDonnell, Randall Petras, Cody Stiner, Arthur J. Ruckman, Gavin M. Wiggins, Gregory Cage, Robert Smith, Seth Hitefield, Jesse McGaha, Andrew Ayres, Mike Brim, Richard Archibald, Addi Malviya-Thakur","doi":"10.1016/j.future.2024.107695","DOIUrl":null,"url":null,"abstract":"<div><div>In the rapidly evolving field of frontend development, Single-Page Applications (SPAs) stand out for their ability to create dynamic and interactive web applications, particularly valuable in scientific software for their real-time data integration and complex workflow management. However, the process of creating a single-page web application development environment that accurately reflects the production environment isn’t always straightforward. Most SPA build systems assume configuration at build time, while DevSecOps engineers prefer runtime configuration. This paper proposes a unique, framework-agnostic methodology designed to bridge this divide, facilitating the seamless integration of SPAs within the DevSecOps framework without necessitating expertise in both domains. Leveraging environmental variables, Docker, and a strategic approach to Content Security Policy (CSP), we provide a comprehensive guide for developing, deploying, and securing SPAs in a manner that is both efficient and secure. Applying this method to the INTERSECT and Smart Spectral Matching platforms, we demonstrate its effectiveness in enhancing both the development process and the user experience in scientific applications, thereby addressing the complex challenges faced by research software engineers in the current landscape.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"166 ","pages":"Article 107695"},"PeriodicalIF":6.2000,"publicationDate":"2025-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X24006599","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/12/31 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

In the rapidly evolving field of frontend development, Single-Page Applications (SPAs) stand out for their ability to create dynamic and interactive web applications, particularly valuable in scientific software for their real-time data integration and complex workflow management. However, the process of creating a single-page web application development environment that accurately reflects the production environment isn’t always straightforward. Most SPA build systems assume configuration at build time, while DevSecOps engineers prefer runtime configuration. This paper proposes a unique, framework-agnostic methodology designed to bridge this divide, facilitating the seamless integration of SPAs within the DevSecOps framework without necessitating expertise in both domains. Leveraging environmental variables, Docker, and a strategic approach to Content Security Policy (CSP), we provide a comprehensive guide for developing, deploying, and securing SPAs in a manner that is both efficient and secure. Applying this method to the INTERSECT and Smart Spectral Matching platforms, we demonstrate its effectiveness in enhancing both the development process and the user experience in scientific applications, thereby addressing the complex challenges faced by research software engineers in the current landscape.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

集成科学单页应用程序与DevSecOps

在快速发展的前端开发领域，单页应用程序（spa）因其创建动态和交互式web应用程序的能力而脱颖而出，特别是在科学软件中具有实时数据集成和复杂工作流管理的价值。然而，创建准确反映生产环境的单页web应用程序开发环境的过程并不总是直截了当的。大多数SPA构建系统在构建时假定配置，而DevSecOps工程师更喜欢运行时配置。本文提出了一种独特的、与框架无关的方法，旨在弥合这一鸿沟，促进spa在DevSecOps框架内的无缝集成，而无需在两个领域都具备专业知识。利用环境变量、Docker和内容安全策略（Content Security Policy， CSP）的战略方法，我们提供了以高效和安全的方式开发、部署和保护spa的全面指南。将该方法应用于INTERSECT和智能光谱匹配平台，我们证明了其在提高科学应用的开发过程和用户体验方面的有效性，从而解决了研究软件工程师在当前环境中面临的复杂挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Future Generation Computer Systems-The International Journal of Escience 工程技术-计算机：理论方法

CiteScore

19.90

自引率

2.70%

发文量

376

审稿时长

10.6 months

期刊介绍： Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.