DevSecOps Scan Engine: A Containerized Security Orchestration Framework

Authors

  • S. Saravana Kumar, Assistant Professor (SS), Department of CSE (Cyber Security), Dr. Mahalingam College of Engineering and Technology, Coimbatore, Tamil Nadu, India
  • P. Vivekanandan, Head of the Department, Department of CSE (Cyber Security), Dr. Mahalingam College of Engineering and Technology, Coimbatore, Tamil Nadu, India
  • R. Dineshkumar, Student, Department of CSE (Cyber Security), Dr. Mahalingam College of Engineering and Technology, Coimbatore, Tamil Nadu, India
  • S. Sasitharan, Student, Department of CSE (Cyber Security), Dr. Mahalingam College of Engineering and Technology, Coimbatore, Tamil Nadu, India
  • N. Abinaya, Student, Department of CSE (Cyber Security), Dr. Mahalingam College of Engineering and Technology, Coimbatore, Tamil Nadu, India

DOI:

https://doi.org/10.54741/ASEJAR/5.2.2026.183

Keywords:

DevSecOps, container isolation, CI/CD security, SAST, DAST, SCA, security automation, vulnerability orchestration

Abstract

The rapid evolution of modern software delivery practices has significantly shortened development cycles, enabling organizations to release updates at an unprecedented pace. However, this acceleration has also increased the exposure of applications to security vulnerabilities, particularly when traditional security validation is performed only at later stages of development.

This paper presents the DevSecOps Scan Engine, a container-oriented orchestration framework designed to embed automated security analysis directly into continuous integration and continuous deployment workflows. The proposed system supports multiple categories of security testing, including static code analysis, dynamic application testing, and dependency vulnerability assessment, all executed within isolated and short-lived container environments. By leveraging containerization, the framework ensures consistency across executions while eliminating environmental dependencies and cross-process interference.

A standardized abstraction layer is introduced to unify the interaction between diverse security tools and pipeline components, transforming heterogeneous scanner outputs into a consistent structure for seamless integration with dashboards and automated decision-making systems.

Experimental evaluation demonstrates that the system supports concurrent scan execution with reliable isolation and efficient resource utilization, while effectively preventing deployments when critical vulnerabilities are detected. Overall, the proposed approach enables scalable and automated security validation while preserving the speed and flexibility required in modern development environments.
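The abstraction layer and deployment gate described in the abstract, as an added example that is not the paper's own code: two constructed scanner output shapes (a SAST report with named severities and an SCA report with CVSS scores) are normalized into one finding schema, and the gate fails closed on any finding at or above the blocking severity.

```python
import json
from dataclasses import dataclass

# Ordering used to compare severities from different scanners
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    scanner: str    # pipeline stage that produced it: sast, dast or sca
    severity: str   # normalized to low/medium/high/critical
    location: str   # file:line, URL, or package@version
    title: str      # rule id or vulnerability id

def cvss_to_severity(score: float) -> str:
    # CVSS v3 qualitative rating bands
    if score >= 9.0: return "critical"
    if score >= 7.0: return "high"
    if score >= 4.0: return "medium"
    return "low"

def normalize_sast(raw: str) -> list[Finding]:
    # constructed SAST shape (not any real tool's): {"results": [{rule_id, severity, path, line}]}
    return [Finding("sast", r["severity"].lower(), f'{r["path"]}:{r["line"]}', r["rule_id"])
            for r in json.loads(raw)["results"]]

def normalize_sca(raw: str) -> list[Finding]:
    # constructed SCA shape (not any real tool's): {"vulnerabilities": [{id, package, version, cvss}]}
    return [Finding("sca", cvss_to_severity(v["cvss"]), f'{v["package"]}@{v["version"]}', v["id"])
            for v in json.loads(raw)["vulnerabilities"]]

def gate(findings: list[Finding], block_at: str = "critical") -> tuple[bool, list[Finding]]:
    """Return (allow_deploy, blocking_findings). A severity the schema does not
    know is treated as blocking so a malformed scanner result cannot let a build through."""
    threshold = SEVERITY_RANK[block_at]
    blocking = [f for f in findings if SEVERITY_RANK.get(f.severity, threshold) >= threshold]
    return (not blocking, blocking)

# Constructed sample scanner outputs; the vulnerability id is a placeholder
SAST_OUT = json.dumps({"results": [
    {"rule_id": "hardcoded-secret", "severity": "High", "path": "app/config.py", "line": 12},
    {"rule_id": "sql-string-concat", "severity": "Critical", "path": "app/db.py", "line": 40}]})
SCA_OUT = json.dumps({"vulnerabilities": [
    {"id": "EXAMPLE-VULN-0001", "package": "leftpad", "version": "1.0.0", "cvss": 5.3}]})

if __name__ == "__main__":
    allow, blocking = gate(normalize_sast(SAST_OUT) + normalize_sca(SCA_OUT))
    print("deploy allowed" if allow else f"deploy blocked by {len(blocking)} finding(s)")
```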



Published

2026-03-30

How to Cite

Kumar, S. S., Vivekanandan, P., Dineshkumar, R., Sasitharan, S., & Abinaya, N. (2026). DevSecOps Scan Engine: A Containerized Security Orchestration Framework. Applied Science and Engineering Journal for Advanced Research, 5(2), 1–5. https://doi.org/10.54741/ASEJAR/5.2.2026.183
