Journal of Advances in Developmental Research

E-ISSN: 0976-4844     Impact Factor: 9.71

A Widely Indexed Open Access Peer Reviewed Multidisciplinary Bi-monthly Scholarly International Journal


Automated Vulnerability Management in DevSecOps Pipelines for SaaS Platforms: A Practical Framework for SAST, DAST, Dependency Scanning, and Controlled Remediation

Author(s): Praveen Chaitanya Jakku, Lalith Chandra Bandaru, Mohammed Shakeer Bandrevu

Country: United States

Abstract: SaaS platforms are released, updated, and configured at a pace that traditional vulnerability management processes were not designed to support. Security findings that are discovered after deployment often move through separate dashboards, manual triage, ticket queues, and delayed sprint cycles before they are fixed. This delay creates unnecessary exposure, especially when the issue could have been detected earlier in the software delivery pipeline. DevSecOps addresses this problem by moving security checks closer to development and release workflows, but simply adding more scanners does not guarantee better security. Without aggregation, deduplication, prioritization, and clear remediation paths, scanning can increase noise rather than reduce risk.

This article presents a practical framework for automated vulnerability management in DevSecOps pipelines for SaaS platforms. The framework combines static application security testing, dynamic application security testing, dependency scanning, secrets detection, infrastructure-as-code validation, and controlled remediation workflows. It emphasizes risk-based gating, developer-friendly feedback, safe automation, and auditable remediation. The goal is not to replace security engineers or developers, but to reduce avoidable delay, improve consistency, and ensure that repeatable security fixes are handled earlier and more reliably in the delivery lifecycle.
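As an added illustration (not code from the article or its authors), the Python sketch below shows the aggregation, deduplication and risk-based gating step the abstract describes: findings from hypothetical SAST, DAST and dependency scanners are merged on a tool-agnostic fingerprint, scored, and used to decide whether the pipeline stage passes and in what order the remaining items enter the remediation queue. The sample findings, advisory ids, file paths and scoring weights are constructed assumptions.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    tool: str        # "sast", "dast" or "deps"
    kind: str        # CWE id or advisory id reported by the scanner
    location: str    # file:line for code findings, package@version for deps
    severity: str
    reachable: bool = True  # deps only: is the vulnerable code path actually called?

# Constructed scanner output; CWE numbers are real categories, advisory ids are placeholders.
RAW_FINDINGS = [
    Finding("sast", "CWE-89", "api/orders.py:42", "high"),
    Finding("sast", "CWE-89", "api/orders.py:42", "critical"),  # second SAST rule, same issue
    Finding("dast", "CWE-89", "api/orders.py:42", "high"),      # confirmed at runtime by DAST
    Finding("deps", "ADV-PLACEHOLDER-1", "libfoo@1.2.3", "critical", reachable=False),
    Finding("deps", "ADV-PLACEHOLDER-2", "libbar@0.9.0", "medium"),
    Finding("sast", "CWE-798", "config/settings.py:7", "low"),
]

def aggregate(findings):
    """Merge findings sharing kind+location: highest severity wins, reporting tools are unioned."""
    merged = {}
    for f in findings:
        key = (f.kind, f.location)  # tool-agnostic fingerprint
        entry = merged.setdefault(key, {"severity": "low", "tools": set(), "reachable": False})
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = f.severity
        entry["tools"].add(f.tool)
        entry["reachable"] = entry["reachable"] or f.reachable
    return merged

def risk_score(entry):
    """Base severity; +1 when SAST and DAST agree (runtime-confirmed); -1 when unreachable."""
    score = SEVERITY_RANK[entry["severity"]]
    if {"sast", "dast"} <= entry["tools"]:
        score += 1
    if not entry["reachable"]:
        score -= 1
    return max(score, 1)

def gate(findings, threshold=4):
    """Return (passed, remediation queue ordered by descending risk); fail at score >= threshold."""
    merged = aggregate(findings)
    queue = sorted(((risk_score(e), kind, loc) for (kind, loc), e in merged.items()), reverse=True)
    passed = all(score < threshold for score, _, _ in queue)
    return passed, queue
```

With the constructed input, three scanner reports of the same SQL-injection sink collapse into one runtime-confirmed item that fails the gate, while the unreachable critical dependency is downgraded below the threshold.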
Keywords: DevSecOps, SaaS security, vulnerability management, SAST, DAST, dependency scanning, CI/CD, automated remediation, secure software development, software supply chain security.

Field: Engineering

Published In: Volume 15, Issue 1, January-June 2024

Published On: 2024-04-05

DOI: https://doi.org/10.71097/IJAIDR.v15.i1.1904

Short DOI: https://doi.org/hb26st
