International Journal of Science, Engineering and TechnologyAuthors: Harish Govinda Gowda
Abstract: In the era of rapid digital transformation and cloud-native architectures, enterprises face growing pressure to deliver secure, high-quality software at speed. Traditional CI/CD pipelines often fall short in terms of scalability, responsiveness, and integrated security, especially in multi-cloud environments like AWS and GCP. This article explores the evolution and implementation of event-driven DevSecOps pipelines as a solution to these challenges. By using event triggers to orchestrate build, test, security, and deployment workflows, teams can achieve continuous compliance and rapid delivery with minimal manual intervention. The article discusses key architectural patterns, toolchains, and automation strategies that enable real-time pipeline responsiveness. It highlights how integrating tools such as SonarQube, Veracode, Trivy, OPA, and HashiCorp Vault ensures security and policy enforcement are embedded throughout the pipeline lifecycle. A case study is presented to illustrate the transformation of a legacy pipeline into an event-driven, secure delivery model across AWS and GCP.
DOI: https://doi.org/10.5281/zenodo.15919205
