DevSecOps-based software information security methodology: integrating automated tools into the development lifecycle

Abstract

Gulmamedov N.V.

Incoming article date: 05.01.2026

The article addresses current problems of information security in software development. The main purpose of the research is to raise the level of security in software development by implementing security tools and DevSecOps practices. It considers the main information security threats that arise at each stage of software development, from planning to product operation, and analyzes the main tools used to ensure the overall security of the developed software, such as Jenkins, SonarQube, Zed Attack Proxy, Osquery, Trivy, and Docker. The proposed methodology makes it possible to integrate security measures into the development process, minimize the human factor, reduce the response time to vulnerabilities, and ensure information security control throughout the software lifecycle.

Keywords: secure software development, software lifecycle, threats, secure development tools, information security