Shift-Left Security in DevSecOps Pipelines: Automated Vulnerability Detection at Commit Time

research-article
Received: Oct 5, 2021
Published: Nov 18, 2021
Authors:

Abstract

Integrating security scanning into the earliest stages of software delivery, commonly termed "shift-left", reduces remediation cost and exposure window. This paper introduces SecureGate, a lightweight static and dynamic analysis framework embedded directly into pre-commit hooks and CI runners. SecureGate combines SAST, SCA, and secret-scanning modules under a unified policy engine. Evaluation across 9 open-source projects and 2 enterprise codebases demonstrated a 58% reduction in vulnerabilities reaching staging and a 71% decrease in third-party dependency exploits. Developer survey results indicate minimal workflow friction, with 89% of participants rating the tool as non-disruptive to their daily coding habits.

Cite this article

(2021). Shift-Left Security in DevSecOps Pipelines: Automated Vulnerability Detection at Commit Time. Research Explorations in Global Knowledge & Technology (REGKT), 1 (5). Retrieved from https://regkt.com/article.php?id=852&slug=shift-left-security-devsecops-pipelines-vulnerability-detection-commit-time
