In the evolving landscape of software development, integrating security into the DevOps lifecycle, commonly known as DevSecOps, has become crucial, especially for addressing threats within the software supply chain. This paper presents a practical demonstration of shift-left security through the implementation of Software Composition Analysis (SCA) and Malware Analysis during the early stages of the CI/CD pipeline. By focusing on the identification of known vulnerabilities, dependency risks, and potentially malicious artifacts, the study aims to strengthen the integrity of the open-source components and container images used in modern development workflows. Using simulated pipeline environments, the demonstration shows how integrating these tools early can proactively reduce exposure to supply chain attacks, ensuring a more resilient development process. The findings reinforce the importance of combining static component scanning with behavioral malware analysis to bridge the gap between code quality and actual security in DevSecOps practices.