The increasing dynamism and complexity of modern software development environments, driven by continuous integration and delivery practices, have revealed critical limitations in traditional security models. In this context, DevSecOps has emerged as a strategic paradigm for integrating security in a continuous, automated, and comprehensive manner throughout the DevOps cycle. However, its effective adoption faces multiple technical and methodological challenges, including the lack of empirically validated frameworks that ensure practical applicability. This study presents a systematic review of scientific and industrial literature published between 2018 and 2025, aiming to identify existing DevSecOps frameworks, their automation mechanisms, security practices, and reported limitations. The research examines cybersecurity gaps across all DevOps stages, from planning to monitoring, with particular attention to traceability, maturity, regulatory compliance, and operational resilience. The analysis identifies technical gaps, organizational shortcomings, and challenges related to the integration of security tools, control automation, and maturity evaluation. These findings provide a rigorous scientific basis for developing an enhanced framework, guiding future research toward more robust, verifiable, and adaptable DevSecOps implementations.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Toward a Robust and Enhanced DevSecOps Framework

  • Roberto Carlos Bautista Ramos,
  • Sang Guun Yoo

摘要

The increasing dynamism and complexity of modern software development environments, driven by continuous integration and delivery practices, have revealed critical limitations in traditional security models. In this context, DevSecOps has emerged as a strategic paradigm for integrating security in a continuous, automated, and comprehensive manner throughout the DevOps cycle. However, its effective adoption faces multiple technical and methodological challenges, including the lack of empirically validated frameworks that ensure practical applicability. This study presents a systematic review of scientific and industrial literature published between 2018 and 2025, aiming to identify existing DevSecOps frameworks, their automation mechanisms, security practices, and reported limitations. The research examines cybersecurity gaps across all DevOps stages, from planning to monitoring, with particular attention to traceability, maturity, regulatory compliance, and operational resilience. The analysis identifies technical gaps, organizational shortcomings, and challenges related to the integration of security tools, control automation, and maturity evaluation. These findings provide a rigorous scientific basis for developing an enhanced framework, guiding future research toward more robust, verifiable, and adaptable DevSecOps implementations.