Integrating DevSecOps and LLM‑Enhanced Mobile Security: A Unified Framework for Automated Security Testing in Modern CI/CD Pipelines

Authors

  • Sergiu Metgher, Global Institute of Technology, International University

Keywords:

DevSecOps, CI/CD pipelines, automated security testing, mobile applications

Abstract

With the accelerating shift toward rapid software delivery through continuous integration and continuous deployment (CI/CD) pipelines, the need for robust, automated security testing has never been more critical. Traditional security processes often lag behind the pace of development, leading to increased vulnerability exposure. The DevSecOps paradigm—integrating development, operations, and security—has emerged to address this gap by embedding security checks into CI/CD workflows. Simultaneously, the rise of mobile applications that incorporate large‑language-model (LLM) functionalities introduces new privacy and security risks that demand automated, systematic testing. This paper synthesizes extant research on DevSecOps automation and extends it to propose a unified framework tailored for modern mobile applications enhanced by LLMs. Drawing on empirical and conceptual studies of automated scanning, static and dynamic analysis, heuristic algorithm‑based testing, security compliance models, and barriers to adoption, we construct a comprehensive pipeline architecture. We argue that integrating heuristic‑driven testing (via genetic algorithms), static and dynamic vulnerability detection, security compliance artifacts, and specialized LLM‑privacy testing can significantly raise the security baseline while maintaining deployment velocity. We elaborate on architectural design, methodological considerations, potential challenges, and future directions, including governance, scalability, and human-in-the-loop oversight. This synthesis aims to guide both academia and industry toward more resilient, automated security practices in a landscape increasingly shaped by AI‑enhanced mobile software.

Published

2025-11-30

How to Cite

Sergiu Metgher. (2025). Integrating DevSecOps and LLM‑Enhanced Mobile Security: A Unified Framework for Automated Security Testing in Modern CI/CD Pipelines. Academic Research Library for International Journal of Computer Science & Information System, 10(11), 63–70. Retrieved from https://colomboscipub.com/index.php/arlijcsis/article/view/59