DevSecOps Sentinel: GenAI-Driven Agentic Workflows for Comprehensive Supply Chain Security


  •  Gyani Pillala    
  •  Damoon Azarpazhooh    
  •  Scott Baxter    

Abstract

A growing number of security challenges arise from the complexity of modern software supply chains, which span microservices, containerization, and cloud-native architectures. The increasing rate of new cyber-threats and the need to quickly deploy software updates after a security incident typically outpace traditional DevSecOps security practices. In this paper, we propose a novel DevSecOps Sentinel system, which employs Generative AI (GenAI) driven agentic workflows to improve software supply chain security holistically.

We elaborate on the architecture of DevSecOps Sentinel, which integrates cutting-edge GenAI models and deploys intelligent agentic workflows. We then examine how the system impacts our software development life cycle, from code writing to production and beyond. Our results indicate that agentic workflows powered by GenAI are a viable method for tackling the intricate security issues of modern software supply chains. By combining the analysis capability of AI with the strengths of agentic systems, DevSecOps Sentinel reveals a way forward for organizations seeking to strengthen their security profile in an ever more hostile digital world, one that lets them build better software: faster, safer, and more reliable.



This work is licensed under a Creative Commons Attribution 4.0 License.
  • ISSN(Print): 1913-8989
  • ISSN(Online): 1913-8997
  • Started: 2008
  • Frequency: semiannual
