Comprehensive Security Framework for Serverless Computing: Integrating DevSecOps Practices in Aws Lambda and Azure Functions

Yelkoti, Naresh Kiran Kumar Reddy (2025) Comprehensive Security Framework for Serverless Computing: Integrating DevSecOps Practices in Aws Lambda and Azure Functions. World Journal of Advanced Engineering Technology and Sciences, 15 (3). pp. 1393-1401. ISSN 2582-8266

Serverless computing has fundamentally transformed application architecture by abstracting infrastructure management, yet this paradigm shift introduces distinctive security challenges that conventional tools struggle to address. The ephemeral nature of serverless functions creates visibility gaps that leave organizations vulnerable to configuration drift, runtime attacks, and compliance violations. This article presents a comprehensive security framework that addresses these challenges through systematic integration of protection mechanisms across the entire serverless lifecycle. The framework encompasses static code analysis tailored for function-based architectures, automated configuration scanning that adapts to rapid deployment cycles, and agentless runtime monitoring that maintains performance efficiency. By embedding Policy as Code within CI/CD pipelines and implementing lightweight instrumentation techniques, organizations can achieve continuous compliance with standards such as PCI-DSS and CIS benchmarks while maintaining developer agility. The proposed model demonstrates how security controls can be seamlessly integrated without impeding deployment velocity, utilizing automated compliance checks and real-time threat detection to minimize both misconfiguration risks and runtime vulnerabilities. This holistic approach enables organizations to leverage the benefits of serverless computing while maintaining robust security postures across their AWS Lambda and Azure Functions deployments.