DevOps are considered as one of the promising software development methodologies in the industry. However, the adoption of it has presented a new challenge of ensuring secure software delivery and maintaining the agility of DevOps. As a solution to integrate security into DevOps, a new term has emerged, DevSecOps (Development, Security and Operations) which start to get more attention from industry and academics. Using static code analysis tools within CI/CD pipelines significantly enhances security by enabling early detection of vulnerabilities and promoting secure coding practices. SAST tools play a crucial role in detecting vulnerabilities, widespread adoption has been hindered by usability issues, including high false positive rates and a lack of native pipeline support

Терро М. (науч. рук. Коржук В.М.) Continuous security in ci/cd pipelines with static code analysis tools // Сборник тезисов докладов конгресса молодых ученых. Электронное издание. – СПб: Университет ИТМО, [2025]. URL: https://kmu.itmo.ru/digests/article/14803