The increasing complexity of software supply chains and the rising frequency of security breaches necessitate robust security integration in CI/CD pipelines. This paper presents an intelligent CI/CD pipeline that integrates Static Application Security Testing (SAST) tools with agentic AI for automated vulnerability patching. Our framework automatically detects code-level security issues upon code push, generates comprehensive security reports, employs AI agents to generate and apply patches, performs regression security testing, and automates deployment upon vulnerability resolution. The system employs an ensemble of four SAST tools (Bandit, Pyre, Pylint, Semgrep) with weighted aggregation to achieve a 94.7% vulnerability detection rate across 1,247 real-world vulnerabilities from 15 open-source Python Flask applications. The agentic AI framework, comprising three specialized agents (Code Understanding, Security Knowledge, and Patch Synthesis), achieves an 87.3% successful automated patching rate while maintaining code functionality. The proposed system reduces mean-time-to-remediation (MTTR) from 3.7 days to 4.2 hours (a 95.3% reduction) with a false positive rate of only 8.7%. We demonstrate statistical significance (p < 0.001) across all performance metrics through rigorous evaluation. The system's integration with existing CI/CD workflows (Jenkins, GitLab CI, GitHub Actions) enables seamless adoption in enterprise environments. Our work represents a significant advancement toward fully autonomous DevSecOps pipelines, addressing critical gaps in current security automation approaches.
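The abstract describes weighted aggregation of findings from four SAST tools and a pipeline gate that only deploys once findings are resolved, but does not publish the weights or the decision rule. The block below is an added illustration of that idea, not the paper's code: per-tool weights, severity scores, the threshold, the rule labels and the sample findings are all constructed assumptions. Findings that several tools report at the same file and line accumulate score, so a location flagged by two high-weight tools clears the threshold while a lone style warning does not.

```python
"""Weighted ensemble aggregation of multi-tool SAST findings (added example).

Not the paper's implementation. TOOL_WEIGHTS, SEVERITY_SCORE, the threshold
and SAMPLE are constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str       # "bandit" | "semgrep" | "pyre" | "pylint"
    file: str
    line: int
    rule: str       # tool-specific rule label (illustrative values below)
    severity: str   # "low" | "medium" | "high"


# Assumed per-tool confidence weights; the paper does not publish its scheme.
TOOL_WEIGHTS = {"bandit": 0.35, "semgrep": 0.35, "pyre": 0.20, "pylint": 0.10}
# Assumed mapping from a tool's severity label to a numeric score.
SEVERITY_SCORE = {"low": 0.3, "medium": 0.6, "high": 1.0}


def aggregate(findings, weights=TOOL_WEIGHTS, threshold=0.4):
    """Group findings by (file, line), sum weight * severity per location,
    and return [(location, score, tools)] for locations at or above the
    threshold, highest score first."""
    scores = defaultdict(float)
    tools = defaultdict(set)
    for f in findings:
        key = (f.file, f.line)
        scores[key] += weights.get(f.tool, 0.0) * SEVERITY_SCORE[f.severity]
        tools[key].add(f.tool)
    ranked = [
        (key, round(score, 3), sorted(tools[key]))
        for key, score in scores.items()
        if score >= threshold
    ]
    return sorted(ranked, key=lambda r: (-r[1], r[0]))


def gate(findings, threshold=0.4):
    """Deployment gate: True when no location clears the threshold, i.e. the
    pipeline may proceed; False means patching and re-scan are required."""
    return len(aggregate(findings, threshold=threshold)) == 0


# Constructed sample findings, as a tool-report normaliser might emit them.
# Two tools agree on app.py:42 (SQL built from user input); the rest are noise.
SAMPLE = [
    Finding("bandit", "app.py", 42, "B608", "high"),
    Finding("semgrep", "app.py", 42, "sqli-string-format", "high"),
    Finding("pylint", "app.py", 42, "f-string-without-interpolation", "low"),
    Finding("pylint", "util.py", 7, "invalid-name", "low"),
    Finding("pyre", "views.py", 88, "tainted-flow", "medium"),
]

if __name__ == "__main__":
    for loc, score, reporters in aggregate(SAMPLE):
        print(f"{loc[0]}:{loc[1]} score={score} reported_by={reporters}")
    print("deploy allowed:", gate(SAMPLE))
```

With the constructed weights, app.py:42 scores 0.35 + 0.35 + 0.03 = 0.73 and blocks deployment; util.py:7 (0.03) and views.py:88 (0.12) fall below the 0.4 threshold and would surface only as report entries, which is how an ensemble trades a single tool's noise for agreement between tools.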
Vadla et al. (Sat,) studied this question.