Al Noman, A., Idowu, S.O., Kakanou, R.D.M., Ciancarini, P., Ren, M. (2026). An AI-Based Security Analysis Solution for DevSecOps. Springer Science and Business Media Deutschland GmbH [10.1007/978-3-032-09694-4_22].

An AI-Based Security Analysis Solution for DevSecOps

Ciancarini P.;
2026

Abstract

DevOps has become a standard practice in the industry to enhance the efficiency of software development and delivery. To address potential security risks throughout the software development lifecycle, DevSecOps integrates security measures into the DevOps process from the outset. Traditionally, security specialists manually analyze scanning results and provide feedback to development teams, which is time-intensive and inefficient. With the rapid advancement of Artificial Intelligence (AI), researchers have explored the potential of using AI to automate security analysis in the DevSecOps process. However, most existing approaches focus on theoretical models, leaving practical applications underdeveloped. Additionally, concerns about data privacy pose significant barriers to the industry’s adoption of AI-based solutions. In this paper, we present a practical AI-driven security analysis solution for DevSecOps, designed to enhance the application of AI in enterprise software development. Our approach automates manual security analysis by integrating deployment and security analysis tools with ChatGPT, enabling the generation of detailed security reports without compromising sensitive information. Experiments demonstrate that our platform reduces analysis time by 92% compared to manual efforts while maintaining high accuracy in the results. This solution is well-suited for large enterprises, showcasing the transformative potential of combining AI with DevSecOps practices.
International Symposium on Intelligent Computing and Networking (2026), 274-290
Al Noman, A.; Idowu, S. O.; Kakanou, R. D. M.; Ciancarini, P.; Ren, M.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11585/1049086