Literature review on the impact of DevSecOps on the software development life cycle : enhancing security, efficiency, and compliance
Islam, Ehtesum ul (2025)
Master's thesis
School of Engineering Science, Information Technology
All rights reserved.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi-fe20251216119894
Abstract
This literature review discusses the impact of DevSecOps on achieving security, efficiency, and compliance throughout the software development life cycle (SDLC). It describes the limitations of the Waterfall model and the V-Model and the partial redirection that Agile brought. It then shows how CI/CD and DevOps culture set the preconditions for DevSecOps. The main concept is simple: shift security left and make it part of everyday work. The review presents the following DevSecOps principles: shift-left, security as code, shared responsibility, and pervasive automation. It maps security injection points across the SDLC, including threat modelling, SAST and SCA in the build, IaC scanning before deployment, container hardening, and runtime monitoring. Evidence from the literature links these practices to lower mean time to detect, faster releases, fewer defects, and stronger audit trails. The review further explains compliance as code and how pipeline records support audits. It also reports common challenges: culture, skills, tool fatigue, and legacy systems. It summarizes best-practice frameworks and simple adoption steps, such as paved roads and security champions. The author believes that DevSecOps aligns speed with trust and makes secure delivery repeatable.
