Integrating Dynamic Security Testing Tools into CI/CD Pipelines: A Continuous Security Testing Case Study

Naga Satya Praveen Kumar Yadati

Abstract: Continuous Integration (CI) and Continuous Delivery (CD) are key practices in DevOps, enabling rapid delivery of new features by automating testing and releasing software multiple times per day. However, traditional security management techniques struggle to keep pace with this fast Software Development Life Cycle (SDLC). Ensuring high security quality in software systems is increasingly critical. DevSecOps aims to integrate security into DevOps practices, with automated security testing as a vital area of research. Despite extensive literature on security testing and CI/CD practices, few studies address both topics together, and most focus only on static code analysis, neglecting dynamic testing methods. This paper presents an approach to integrate three automated dynamic testing techniques into a CI/CD pipeline and provides an empirical analysis of the overhead introduced. We identify unique research and technology challenges in the DevSecOps community and propose preliminary solutions. Our findings aim to help make informed decisions when adopting DevSecOps practices in agile enterprise application engineering and enterprise security.

Keywords: DevSecOps, Dynamic Security Web Testing, Continuous Security, Continuous Integration