DevSecOps

Security as Code Using Agentic AI: Efficiency in Ensuring Software Development Lifecycle Security

This paper presents a framework for automating software development security using a Security as Code approach enhanced with a multi-agent artificial intelligence system. The research addresses the limitations of traditional DevSecOps practices by deploying specialized AI agents to perform static code analysis, generate and enforce security policies, and monitor system behavior. The architecture integrates security throughout the CI/CD pipeline and runtime, enabling autonomous decision-making, adaptability to threats, and reduced developer overhead.

Integration of Source Code Analysis Tools Into the Innovative DevSecOps Methodology

The article examines the relevance of integrating source code analysis tools, specifically Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), into modern secure software development processes based on the innovative DevSecOps methodology. It reviews scientific approaches and current practices for integrating security tools into CI/CD pipelines, analyzes the advantages and limitations of SAST and DAST, and outlines trends in the development of combined security methods.

Adaptation of Information Security in the Agile World

The article investigates the integration of information security into Agile software development processes, focusing on the adaptation of DevSecOps methods. The goal was to enhance the implementation of security practices by reducing vulnerability detection time, simplifying the integration of security into the development cycle, and improving team collaboration. The analysis revealed that automation of security testing reduces vulnerability detection time by 40%, while cross-functional teams improve collaboration by 30%.