Metrics-Driven Evaluation of DevSecOps Automation Practices in CI/CD Pipelines Across Heterogeneous Cloud Platforms

Authors

  • Arıkan Sharma H, DevSecOps Engineer – Cloud & Security Automation, UAE

Keywords:

DevSecOps, CI/CD, Cloud Platforms, Automation, Metrics Evaluation, Security Integration, Multi-cloud

Abstract

This study evaluates the effectiveness of DevSecOps automation strategies within Continuous Integration/Continuous Deployment (CI/CD) pipelines on heterogeneous cloud platforms. The growing complexity and diversity of cloud environments demand adaptable and automated security integration. We propose a metrics-based evaluation framework to assess automation practices across multiple dimensions including response time, integration latency, threat coverage, and cloud compatibility. Our findings suggest that automation effectiveness varies significantly depending on platform interoperability, toolchain maturity, and policy-as-code alignment.

Published

2022-02-04

How to Cite

Metrics-Driven Evaluation of DevSecOps Automation Practices in CI/CD Pipelines Across Heterogeneous Cloud Platforms. (2022). ISCSITR-INTERNATIONAL JOURNAL OF CLOUD COMPUTING (ISCSITR-IJCC) - ISSN (Online): 3067-7378, 3(01), 27-34. https://iscsitr.in/index.php/ISCSITR-IJCC/article/view/ISCSITR-IJCC_2022_03_01_003