Keshav Biyani

The AI-Augmented DevSecOps Assistant: A Vendor-Neutral, Self-Healing SDLC

Submitted Sep 21, 2025

Session Description

Within modern SDLC pipelines, AI is reshaping DevSecOps and AIOps for intelligent monitoring—yet much of the telemetry our builds already produce remains unused until something breaks.
This talk shows how to put AI at the heart of the SDLC by embedding intelligence directly into CI/CD and infrastructure monitoring.

Using only open-source tools—Jenkins on Kubernetes, Trivy, and a lightweight LLM agent—you’ll see how to:

  • Capture build telemetry and SBOMs during every run without developer overhead.
  • Detect anomalies in build duration or stage behavior, a core AIOps use case.
  • Identify security vulnerabilities (e.g., Log4j-class CVEs) and transform scanner output into plain-language explanations with suggested version bumps or patch snippets.
  • Shift security left by triggering these insights as soon as a pull request or build finishes—so risks are resolved long before production.
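
As an added illustration (not code from the talk or its demo), the sketch below shows the deterministic step that can sit between Trivy and an LLM or update bot: it reads a Trivy JSON report and turns each finding into a plain-language line with a suggested version bump. The field names follow Trivy's JSON report format; the package names, CVE ids and the `summarize`/`pick_bump` helpers are constructed for this example.

```python
import json

# Constructed sample shaped like a Trivy JSON report (`--format json`).
# CVE ids and package names are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "app/pom.xml", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "org.example:logging-core",
         "InstalledVersion": "2.14.1", "FixedVersion": "2.3.1, 2.12.2, 2.15.0",
         "Severity": "CRITICAL", "Title": "remote code execution via lookup"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "org.example:yaml-lib",
         "InstalledVersion": "1.30", "FixedVersion": "",
         "Severity": "HIGH", "Title": "unsafe deserialization"}]},
    {"Target": "app/package-lock.json", "Vulnerabilities": None},  # clean target
]})
RANK = {s: i for i, s in enumerate(["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"])}

def _key(version):
    """Numeric sort key for dotted versions; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.strip().split("."))

def pick_bump(installed, fixed_field):
    """Smallest listed fix newer than the installed version, else None.
    FixedVersion can list one fix per maintained release line."""
    fixes = [v.strip() for v in fixed_field.split(",") if v.strip()]
    newer = [v for v in fixes if _key(v) > _key(installed)]
    return min(newer, key=_key) if newer else None

def summarize(report_json, min_severity="HIGH"):
    """Turn a report into per-finding dicts with a plain-language line."""
    findings = []
    for result in json.loads(report_json).get("Results") or []:
        for v in result.get("Vulnerabilities") or []:  # null when target is clean
            if RANK.get(v.get("Severity"), 0) < RANK[min_severity]:
                continue
            bump = pick_bump(v["InstalledVersion"], v.get("FixedVersion") or "")
            action = (f"bump {v['PkgName']} {v['InstalledVersion']} -> {bump}" if bump
                      else f"no fixed release listed for {v['PkgName']}; triage manually")
            findings.append({
                "id": v["VulnerabilityID"], "target": result["Target"], "bump": bump,
                "text": f"[{v['Severity']}] {v['VulnerabilityID']} in {result['Target']}: "
                        f"{v.get('Title', 'no title')}. Action: {action}"})
    return findings

if __name__ == "__main__":
    for finding in summarize(SAMPLE_REPORT):
        print(finding["text"])
```

Findings with a `bump` value are the ones a dependency-update bot can act on; those with `bump` set to `None` have no listed fix and need a human decision.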

The live demo proves a single engineer can build a vendor-neutral AI co-pilot that closes the loop between detection and remediation, even handing findings to Renovate for automated dependency updates.
Attendees leave with a reproducible blueprint to experiment with or implement independently.


Key Actionable Takeaways

  1. Embed AI-driven anomaly detection and vulnerability analysis directly into CI/CD—aligning with AI in DevSecOps and security and AIOps for intelligent monitoring.
  2. Convert raw scanner findings into human-readable context and starter fixes—making security actionable for developers.
  3. Implement a vendor-neutral, open-source stack (Jenkins, Trivy, Kubernetes, LLM) that works across clouds and CI platforms.
  4. Understand a path toward self-healing SDLC loops by connecting findings to automated update bots like Renovate.

Target Audience

  • DevOps/SRE leads, security engineers, and senior developers
  • Architects and engineering managers seeking practical, reproducible DevSecOps patterns
  • Teams exploring AI-augmented SDLC practices without vendor lock-in

Hosted by

Jump starting better data engineering and AI futures