DevSecOps

The article presents an approach to prioritizing security controls for CI/CD process. While this process enhances development speed and flexibility, it also increases the attack surface and introduces risks to software supply chains. The proposed approach integrates STRIDE threat modeling, NIST SSDF practices, and the Analytic Hierarchy Process (AHP) to support structured decision-making. Security controls have been first identified and adapted to CI/CD environments, after which potential threats have been analyzed using STRIDE.

This article is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0)

This paper proposes and evaluates a hybrid LLM-SAST pipeline for integrating Large Language Model (LLM)-based Static Application Security Testing (SAST) into Continuous Integration and Continuous Delivery (CI/CD) workflows of cloud-native telecommunication systems deployed on Kubernetes clusters.

This paper presents a framework for automating software development security using a Security as Code approach enhanced with a multi-agent artificial intelligence system. The research addresses the limitations of traditional DevSecOps practices by deploying specialized AI agents to perform static code analysis, generate and enforce security policies, and monitor system behavior. The architecture integrates security throughout the CI/CD pipeline and runtime, enabling autonomous decision-making, adaptability to threats, and reduced developer overhead.

The article examines the relevance of integrating source code analysis tools, specifically Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), into modern secure software development processes based on the innovative DevSecOps methodology. A review of scientific approaches and current practices for integrating security tools into CI/CD pipelines is provided, analyzing the advantages and limitations of SAST and DAST, as well as outlining trends in the development of combined security methods.

The article investigates the integration of information security into Agile software development processes, focusing on the adaptation of DevSecOps methods. The goal was to enhance the implementation of security practices by reducing vulnerability detection time, simplifying the integration of security into the development cycle, and improving team collaboration. The analysis revealed that automation of security testing reduces vulnerability detection time by 40%, while cross-functional teams improve collaboration by 30%.