DevSecLogs: AI-Powered, Tamper-Evident Log Intelligence for Secure CI/CD Pipelines
Logs are central to understanding what is happening inside CI/CD pipelines. Today’s platforms often treat logs as passive artefacts rather than active indicators of risk. This research introduces DevSecLogs, a system designed to integrate security intelligence and enforce integrity throughout the pipeline. We are utilising Natural Language Processing (NLP) methodologies such as log tokenisation, topic clustering, and semantic filtering through Latent Dirichlet Allocation (LDA), specifically the topic modelling technique. We also implemented a deep learning-based anomaly detector, particularly a hybrid CNN-LSTM model, to surface irregular log behaviours, such as skipped test phases, unauthorised access attempts, or irregular command patterns. To keep the integrity of these logs, the system stores each step in a blockchain-backed structure that makes any changes evident and ensures a permanent audit trail. The system is currently live on IBM Cloud, with planned integration into CI/CD tools such as Jenkins and Tekton, to enable secure, real-time log monitoring within DevSecOps workflows.
Tue 9 SepDisplayed time zone: Auckland, Wellington change
15:30 - 17:30 | |||
15:30 30m | Bugs in AI-Generated Code - Understanding Bug Patterns and Possible Fix Strategies Doctoral Symposium Ruofan Gao School of Mathematical and Computational Sciences, Massey University | ||
16:00 30m | DevSecLogs: AI-Powered, Tamper-Evident Log Intelligence for Secure CI/CD Pipelines Doctoral Symposium Sabbir M. Saleh University of Western Ontario | ||
16:30 30m | Ensuring Code Integrity in the Era of AI-Assisted Software Development Doctoral Symposium Arthur Pilone University of São Paulo | ||
17:00 30m | The Impact of Generative AI on Developer Practices, Behavior, and Software Quality Doctoral Symposium Julian Oertel University of Rostock | ||
