Abstract
Modern software development organizations face escalating security challenges within their Continuous Integration and Continuous Deployment (CI/CD) pipeline infrastructure, necessitating robust DevSecOps methodologies to counter sophisticated vulnerabilities. Contemporary DevSecOps frameworks establish security controls at every stage of the pipeline lifecycle, systematically addressing threats that pose risks to software delivery operations and organizational assets. By implementing structured security integration strategies, organizations achieve both velocity and protection without sacrificing either priority. The zero-trust frameworks analyzed within this context demonstrate significant efficacy when applied to pipeline components, establishing verification checkpoints at critical junctures. Policy-as-code solutions further automate compliance verification, ensuring that security requirements remain enforceable across evolving infrastructure configurations. Security benchmarking results demonstrate substantial improvements in vulnerability detection timeliness, threat containment capabilities, and overall defensive posture when the prescribed controls operate cohesively. The framework establishes governance structures, validation mechanisms, and monitoring protocols that function effectively within rapid deployment cycles while maintaining appropriate security guardrails. Through systematic implementation of these integrated security practices, development teams and security professionals collaborate effectively to create resilient CI/CD environments capable of withstanding evolving threats while preserving deployment velocity.
Suggested Citation
Arpit Mishra, 2025.
"DevSecOps-Driven Security Framework for CI/CD Pipeline Risk Mitigation,"
International Journal of Computing and Engineering, CARI Journals Limited, vol. 7(18), pages 12-23.
Handle:
RePEc:bhx:ojijce:v:7:y:2025:i:18:p:12-23:id:3047