International Journal on Science and Technology

E-ISSN: 2229-7677

Secure CI/CD Governance for Salesforce Platforms: Integrating DevSecOps Controls Across Every Stage of the Release Pipeline

Author(s): Mr. Lalith Chandra Bandaru, Mr. Mohammed Shakeer Bandrevu
Country: United States

Abstract: Software supply chain attacks targeting development toolchains and deployment pipelines represent one of the most consequential categories of enterprise security risk. For Salesforce platform deployments, the attack surface extends across version-controlled metadata repositories, CI/CD runners executing with broad deployment permissions, managed package dependencies receiving automatic updates from potentially compromised vendor code bases, and deployment service accounts whose compromise enables production access without triggering traditional perimeter detection. We built a secure CI/CD governance framework for Salesforce environments that integrates security controls at six pipeline stages: pre-commit secret scanning and Infrastructure-as-Code permission linting; CI-stage static application security testing with custom Salesforce-specific vulnerability rules and software composition analysis with managed package risk scoring; integration-test-stage dynamic security testing; sandbox-promotion permission difference analysis; production gate threat model review integrated with URGF; and post-deployment LTDF runtime monitoring integration. Evaluated across twelve production Salesforce environments over fourteen months, the framework reduced secret leakage events from 4.7 to 0.2 per thousand commits (96%), reduced vulnerable dependency exposure from 31.4% to 4.1% (87%), reduced critical SAST findings per release from 6.8 to 0.4 (94%), and reduced mean time to remediate from 47 to 3.1 days (93%), with a mean security-attributable pipeline overhead of only 7.4 minutes per deployment.

Keywords: DevSecOps, Salesforce security, secure CI/CD, SAST, SCA, secret scanning, supply chain security, SBOM, managed packages, privilege escalation, URGF, LTDF
Field: Computer > Network / Security
Published In: Volume 13, Issue 4, October-December 2022
Published On: 2022-12-06
DOI: https://doi.org/10.71097/IJSAT.v13.i4.11155
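The abstract names two controls that operate on the same artifact, Salesforce permission metadata: pre-commit "Infrastructure-as-Code permission linting" and "sandbox-promotion permission difference analysis". The following is an added example written for this page, not code from the paper's framework. It parses PermissionSet XML in the Metadata API source format, extracts the high-impact grants (enabled system permissions such as ModifyAllData, and object-level modifyAllRecords/viewAllRecords flags), and reports what a candidate branch adds relative to the baseline so a promotion gate can block it. The list of "high-risk" permission names and the two sample permission sets are constructed for the demo and are assumptions, not a list taken from the paper.

```python
"""Lint and diff Salesforce PermissionSet metadata for privilege escalation.

Added example (not the paper's framework code). Reads PermissionSet XML in
the Salesforce Metadata API source format, collects the high-impact grants,
and diffs a candidate version against a baseline so a promotion gate can
block unreviewed escalation such as a newly enabled ModifyAllData.
"""
import xml.etree.ElementTree as ET

# Metadata API XML namespace used by every Salesforce metadata file.
NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}

# System permissions treated as gate-blocking when newly granted.
# Assumption for this example; a real policy would be tuned per org.
HIGH_RISK_USER_PERMISSIONS = {
    "ModifyAllData", "ViewAllData", "AuthorApex", "ManageUsers",
    "ManageProfilesPermissionsets", "ApiEnabled", "ViewSetup",
}


def extract_grants(xml_text):
    """Return the set of effective high-impact grants in one permission set.

    Grants are encoded as strings so they can be set-diffed:
      "user:<Name>"                  enabled high-risk system permission
      "object:<Object>:modifyAll"    modifyAllRecords=true on the object
      "object:<Object>:viewAll"      viewAllRecords=true on the object
    Entries with enabled=false (Salesforce keeps those in the file) are ignored.
    """
    root = ET.fromstring(xml_text)
    grants = set()
    for up in root.findall("sf:userPermissions", NS):
        name = up.findtext("sf:name", default="", namespaces=NS).strip()
        enabled = up.findtext("sf:enabled", default="false", namespaces=NS)
        if enabled.strip().lower() == "true" and name in HIGH_RISK_USER_PERMISSIONS:
            grants.add(f"user:{name}")
    for op in root.findall("sf:objectPermissions", NS):
        obj = op.findtext("sf:object", default="", namespaces=NS).strip()
        for field, tag in (("modifyAllRecords", "modifyAll"),
                           ("viewAllRecords", "viewAll")):
            val = op.findtext(f"sf:{field}", default="false", namespaces=NS)
            if val.strip().lower() == "true":
                grants.add(f"object:{obj}:{tag}")
    return grants


def permission_diff(baseline_xml, candidate_xml):
    """Return (added, removed) as sorted lists; `added` is what the gate reviews."""
    base = extract_grants(baseline_xml)
    cand = extract_grants(candidate_xml)
    return sorted(cand - base), sorted(base - cand)


def gate_decision(baseline_xml, candidate_xml):
    """'BLOCK' if the candidate adds any high-impact grant, else 'PASS'.

    Removals never block: dropping privilege is the direction we want.
    """
    added, _removed = permission_diff(baseline_xml, candidate_xml)
    return "BLOCK" if added else "PASS"


# Constructed sample: the baseline only grants API access; the candidate
# quietly enables ModifyAllData and modifyAllRecords on Account.
BASELINE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
    <label>Integration User</label>
    <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
    <userPermissions><enabled>false</enabled><name>ModifyAllData</name></userPermissions>
    <objectPermissions>
        <allowCreate>true</allowCreate><allowDelete>false</allowDelete>
        <allowEdit>true</allowEdit><allowRead>true</allowRead>
        <modifyAllRecords>false</modifyAllRecords><object>Account</object>
        <viewAllRecords>false</viewAllRecords>
    </objectPermissions>
</PermissionSet>"""

CANDIDATE_XML = BASELINE_XML.replace(
    "<enabled>false</enabled><name>ModifyAllData</name>",
    "<enabled>true</enabled><name>ModifyAllData</name>",
).replace(
    "<modifyAllRecords>false</modifyAllRecords>",
    "<modifyAllRecords>true</modifyAllRecords>",
)

if __name__ == "__main__":
    added, removed = permission_diff(BASELINE_XML, CANDIDATE_XML)
    print("added:  ", added)
    print("removed:", removed)
    print("gate:   ", gate_decision(BASELINE_XML, CANDIDATE_XML))
```

Running it against a git checkout means calling `permission_diff` on the same file from the target branch and the feature branch; the same `extract_grants` output, taken on a single file, doubles as the pre-commit lint (any non-empty result on a profile or permission set that is not on an allow-list is a finding). Note that disabled entries are deliberately skipped, since Salesforce source files commonly carry `<enabled>false</enabled>` rows that a naive text diff would flag.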
