Security-Driven Pipelines: Embedding DevSecOps into CI/CD Workflows
DOI: https://doi.org/10.63282/3050-9246.IJETCSIT-V3I1P110
Keywords: DevSecOps, CI/CD, Pipeline Security, Application Security, Automation, Secure SDLC, Vulnerability Scanning, Secure Coding
Abstract
Continuous Integration and Continuous Deployment (CI/CD) pipelines have become basic elements of modern development practice in an accelerated software delivery environment, as they enable frequent releases and iterative improvement. As deployment speed has increased, so have the risks associated with software vulnerabilities, misconfigurations, and compliance failures. DevSecOps has emerged from this shift in the threat landscape, moving from traditional security approaches to integrated ones. DevSecOps stands for Development, Security, and Operations and represents a cultural and technical effort to build security directly into the development process. This paper investigates how security-oriented pipelines help development teams actively identify, address, and reduce risks while keeping pace with delivery. It traces the evolution of CI/CD techniques and the growing demand for security integration from the earliest stages of code development through deployment. Using real-world case studies and current corporate practice, we investigate how automated security checks, policy enforcement tools, and threat models can be seamlessly included in pipelines. Principal findings show that continuous monitoring, inter-team communication, and security automation not only reduce risk but also raise overall software quality and delivery assurance. We examine in detail the placement of security gates using tools such as static analysis scanners, dependency checks, and compliance frameworks that line up with corporate goals. The article also presents a case study of a mid-sized company's switch to DevSecOps, stressing both measurable benefits and practical challenges. Including security in CI/CD is now a necessity rather than a choice. The findings show that trust, resilience, and sustainability in modern software delivery depend on these security-oriented pipelines.
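The abstract speaks of placing security gates in the pipeline and enforcing policy over the output of static analysis scanners and dependency checks. The script below is an added example (not code from the paper or from any tool it names) of what such a gate actually decides: it takes scanner findings that have already been normalized into a simple list of dicts (the findings, policy fields, and identifiers here are constructed for illustration), blocks the build at or above a severity threshold, honors time-boxed risk acceptances and re-blocks them once they expire, and fails closed on severities it does not recognize. Mapping real SARIF or tool-specific JSON into this shape is assumed to happen before the gate runs.

```python
"""Policy gate for a CI/CD pipeline (added example; field names are assumptions)."""
from dataclasses import dataclass, field
from datetime import date

# Severity ordering used by the gate; anything not listed is treated as critical.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Policy:
    """Gate policy. Structure and names are this example's own, not a standard."""
    fail_at: str = "high"                 # block at this severity or above
    # finding id -> ISO expiry date of an accepted risk (time-boxed exception)
    accepted_risks: dict = field(default_factory=dict)
    # for dependency findings with no fix available, warn instead of block
    warn_if_no_fix: bool = False


@dataclass
class GateResult:
    blocking: list = field(default_factory=list)
    warnings: list = field(default_factory=list)
    suppressed: list = field(default_factory=list)

    @property
    def passed(self) -> bool:
        return not self.blocking


def evaluate_gate(findings, policy, today=None) -> GateResult:
    """Classify each finding as blocking, warning, or suppressed under the policy."""
    today = today or date.today()
    threshold = SEVERITY_RANK[policy.fail_at]
    result = GateResult()
    for f in findings:
        expiry = policy.accepted_risks.get(f["id"])
        if expiry and date.fromisoformat(expiry) >= today:
            result.suppressed.append(f)
            continue  # a still-valid exception; an expired one falls through and re-blocks
        # Fail closed: an unknown severity label counts as critical rather than being skipped.
        rank = SEVERITY_RANK.get(f["severity"].lower(), SEVERITY_RANK["critical"])
        if rank < threshold:
            result.warnings.append(f)
        elif (policy.warn_if_no_fix and f["tool"] == "dependency"
              and not f.get("fix_available", False)):
            result.warnings.append(f)
        else:
            result.blocking.append(f)
    return result


def format_report(result: GateResult) -> str:
    """Plain-text summary suitable for a CI job log."""
    lines = [f"gate: {'PASS' if result.passed else 'FAIL'}"]
    for label, items in (("BLOCK", result.blocking), ("WARN", result.warnings),
                         ("SUPPRESSED", result.suppressed)):
        for f in items:
            lines.append(f"  {label:10} {f['severity']:8} {f['id']}  {f['title']}")
    return "\n".join(lines)


# Constructed sample findings, as a normalizer would hand them to the gate.
FINDINGS = [
    {"id": "SAST-001", "tool": "sast", "severity": "high",
     "title": "SQL query built with string formatting (app/auth.py:42)"},
    {"id": "DEP-example-lib-1.2.3", "tool": "dependency", "severity": "critical",
     "fix_available": True, "title": "known vulnerable version of example-lib"},
    {"id": "DEP-legacy-lib-0.9", "tool": "dependency", "severity": "high",
     "fix_available": False, "title": "vulnerable legacy-lib, no patched release"},
    {"id": "SAST-002", "tool": "sast", "severity": "medium",
     "title": "verbose error page may leak stack trace"},
    {"id": "SAST-003", "tool": "sast", "severity": "critical",
     "title": "hard-coded credential in config loader"},
]

# Constructed policy: one live exception, one that expired and must re-block.
POLICY = Policy(fail_at="high",
                accepted_risks={"SAST-001": "2099-12-31", "SAST-003": "2020-01-01"},
                warn_if_no_fix=True)


def run_example() -> GateResult:
    """Evaluate the sample findings on a fixed date so the outcome is reproducible."""
    return evaluate_gate(FINDINGS, POLICY, today=date(2021, 6, 1))


if __name__ == "__main__":
    outcome = run_example()
    print(format_report(outcome))
    raise SystemExit(0 if outcome.passed else 1)  # non-zero exit stops the pipeline stage
```

The exit code is what makes this a gate rather than a report: the CI stage fails when anything lands in the blocking list. Two design points matter in practice. Risk acceptances carry an expiry so that a temporary exception cannot silently become permanent, and an unrecognized severity label is treated as critical so that a scanner schema change cannot quietly turn the gate off.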