DevSecOps: Integrating Security Into the DevOps Lifecycle with AI and Automation
Keywords:
DevSecOps, Security Automation, CI/CD Pipeline, Vulnerability Detection, Artificial Intelligence
Abstract
In today’s fast-paced software development landscape, security is more crucial than ever. Secure DevOps, or DevSecOps, aims to embed security throughout the software development lifecycle (SDLC), ensuring vulnerabilities are detected early rather than addressed as an afterthought. Traditional DevOps prioritizes speed, efficiency, and reliability, often resulting in gaps where security measures are missed or delayed. This paper explores how DevSecOps integrates automated security protocols and leverages artificial intelligence (AI) to proactively detect and mitigate vulnerabilities within a continuous integration/continuous delivery (CI/CD) pipeline. By incorporating security seamlessly, DevSecOps transforms software development into a more resilient, reliable, and secure process, ultimately reducing risks and enhancing overall software quality.
License
Copyright (c) 2024 Praveen Kumar Thopalle (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.