Devsecops in Practice: How Integrating Security into CI/CD Pipelines Changes the Way We Engineer Software

• Author(s): Udokporo Jamachi Bernard
• Paper ID: 1712035
• Page: 2832-2840
• Published Date: 10-04-2026
• Published In: Iconic Research And Engineering Journals
• Publisher: IRE Journals
• e-ISSN: 2456-8880
• Volume/Issue: Volume 9 Issue 5 November-2025

Abstract

The Continuous Integration (CI) and Continuous Deployment (CD), which was rapidly ratified by the software engineering development industry, turned into a fast-paced process, causing new insecurity threat to be generated. This paper therefore, explains how integrating security into CI/CD pipelines changes the way we engineer software through Development Security Operations (DevSecOps). Integrating security into CI/CD pipelines via DevSecOps fundamentally transforms software engineering by shifting security from a late-stage bottleneck to an intrinsic, automated part of the entire development lifecycle, promoting early vulnerability detection, reducing costs and risks, fostering a collaborative culture, and ultimately enabling faster delivery of inherently more secure software. This "shifting left" approach uses automation and tools like Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to embed security checks, policy enforcement, and monitoring directly into developer workflows, ensuring security is a shared, continuous responsibility rather than a separate, disruptive activity.

Citations

IRE Journals:
Udokporo Jamachi Bernard "Devsecops in Practice: How Integrating Security into CI/CD Pipelines Changes the Way We Engineer Software" Iconic Research And Engineering Journals Volume 9 Issue 5 2025 Page 2832-2840 https://doi.org/10.64388/IREV9I5-1712035

IEEE:
Udokporo Jamachi Bernard "Devsecops in Practice: How Integrating Security into CI/CD Pipelines Changes the Way We Engineer Software" Iconic Research And Engineering Journals, 9(5) https://doi.org/10.64388/IREV9I5-1712035