DevSecOps
February 15, 2025
Applied research on integrating security into CI/CD pipelines shift-left controls, automated scanning, policy gates, and measurable risk reduction in multi-cloud delivery.
Research focus
This track documents repeatable DevSecOps patterns used in production pipelines: how to embed security checks without blocking delivery, how to measure control effectiveness, and how to align engineering teams around shared security outcomes.
Research questions
- Which security gates belong in CI vs CD vs runtime?
- How do teams reduce false positives without skipping critical findings?
- What metrics best correlate with fewer production incidents?
Deliverables in this series
- Shift-left security architecture
- SAST/DAST pipeline integration patterns
- Secrets and credential lifecycle in automated builds
- Container image scanning workflows
- Infrastructure policy enforcement with IaC scanners