TrustDevSecAI: Towards a Trustworthy DevSecOps Pipeline
Advancing DevSecOps pipelines through AI-augmented security analysis, vulnerability characterization, and trustworthiness assessment.
By combining Orthogonal Defect Classification (ODC), Large Language Models (LLMs), and empirical benchmarking under realistic attack scenarios such as Poisoned Pipeline Execution (PPE), TrustDevSecAI seeks to provide a structured and reproducible understanding of CI pipeline vulnerabilities and security limitations. Ultimately, the project aims to enable informed, automated decision-making within DevSecOps pipelines by embedding measurable trustworthiness criteria (covering security, reliability, and maintainability) directly into the software development lifecycle.