Abstract
The increasing demand for rapid software delivery has led to the widespread adoption of Continuous Integration (CI) and Continuous Deployment (CD) pipelines. These pipelines automate code integration, testing, and deployment, significantly improving the speed and reliability of software development. However, traditional CI/CD pipelines often overlook security testing, leaving vulnerabilities in the deployed software. To address this gap, this study proposes an integrated framework that embeds automated security testing within the CI/CD process. The framework incorporates security testing tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Vulnerability Assessment and Penetration Testing (VAPT) to provide continuous security checks throughout the development lifecycle. The experimental results show that the proposed framework improves early vulnerability detection, with detection rates increasing from 30% to 70%. The framework also reduces deployment failures from 50% to 20%, demonstrating its effectiveness in improving software dependability. Integrating automated security testing adds a modest 5% increase in pipeline execution time, which does not significantly affect the overall speed of the pipeline. The proposed approach thus balances security and efficiency, ensuring that software is both secure and delivered at high speed. This research highlights the importance of integrating security into CI/CD pipelines and demonstrates that high security can be achieved without sacrificing the speed of software development. The study also discusses the practical implications for software development teams and suggests areas for future research, including the integration of advanced AI-driven security testing tools and extending the framework's applicability across different software projects.