Protection of DevOps pipelines: automation of security within DevSecOps
The research focuses on methods for automating security in DevOps pipelines within the DevSecOps framework, emphasizing the integration of tools, processes, and cultural shifts to enhance the security of software products. The research set the following tasks: to analyze modern DevSecOps methodologies and tools; to assess the potential of using artificial intelligence and machine learning to automate information security tasks; to identify the main problems and barriers to integrating DevSecOps into continuous integration and delivery (CI/CD) processes; and to identify promising areas for automation development in the field of security. The study uses a comparative analytical review method, including an analysis of scientific literature, industry practices, and documentation of modern DevSecOps tools, as well as of the Shift-Left Security and Security as Code approaches. Open sources, CI/CD platform documentation, and data on the use of AI in information security were used. The research identifies key principles for integrating security into DevOps: early vulnerability detection, automation of security processes, implementation of Security as Code, and enhanced threat monitoring. Modern DevSecOps tools are reviewed, including static and dynamic code analysis, security policy management systems, secret management solutions, and AI-powered proactive threat detection mechanisms. The study finds that automation minimizes human error, accelerates vulnerability detection and remediation processes, and ensures compliance with regulatory requirements. However, certain limitations were also identified, including the complexity of tool integration, a shortage of DevSecOps specialists, and resistance to change within development and operations teams. Future trends indicate further advancements in AI-driven solutions and automated frameworks for security management.
This research contributes to the field of information security by uncovering methods for automating DevSecOps integration into CI/CD processes and exploring the potential of AI for predictive threat analytics. It highlights key trends in security automation within modern cloud and containerized environments.