The article examines the relevance of integrating source code analysis tools, specifically Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), into modern secure software development processes based on the innovative DevSecOps methodology. A review of scientific approaches and current practices for integrating security tools into CI/CD pipelines is provided, analyzing the advantages and limitations of SAST and DAST, as well as outlining trends in the development of combined security methods. The article presents a generalized model for integrating these tools into a DevSecOps environment and experimental research results on the effectiveness of using SAST and DAST individually and in combination. Practical recommendations are formulated for optimizing the selection of tools and improving software security while maintaining the performance of CI/CD processes.