Inspiration

Modern development teams move quickly, but security, compliance, and testing still create bottlenecks. Even with CI/CD pipelines, developers often rely on manual validation and disconnected tools, which slows down delivery and increases risk.

We wanted to address this gap by building a system where AI does not just assist but actively participates in the software development lifecycle. The goal was to turn passive automation into intelligent, decision-driven workflows.


What it does

DevSecOps ML Gatekeeper is a multi-agent AI system integrated with GitLab pipelines that automates key DevSecOps processes.

When code is pushed or a merge request is created:

  1. A GitLab CI/CD pipeline is triggered
  2. GitLab Duo Agent Flow orchestrates multiple AI agents:
    • Extractor Agent analyzes code changes and dependencies
    • Validator Agent checks for security vulnerabilities and risks
    • Reviewer Agent evaluates code quality and best practices
    • Orchestrator Agent aggregates all outputs
  3. Each agent contributes its analysis
  4. The system produces:
    • Risk Score (0–100)
    • Final decision: APPROVE or REJECT
    • Actionable insights

This transforms CI/CD pipelines into intelligent systems capable of automated code governance and deployment decisions.


How we built it

We designed a modular multi-agent architecture using Python. Core agents such as extractor, validator, and reviewer were implemented as independent components. An orchestrator was built to coordinate communication between agents and aggregate their outputs.

The system was integrated into GitLab CI/CD pipelines to enable event-driven execution. We implemented GitLab Duo Agent Flow using .gitlab/duo/agent-flow.yml to simulate real-world multi-agent orchestration within the pipeline.

The backend was containerized using Docker and deployed on Google Cloud Run, while a Streamlit frontend was developed for interaction and visualization.

Outputs were structured to provide clear, interpretable decisions for developers.
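As an added illustration of the aggregation step described above (example code, not the project's own), three stand-in agents examine a merge-request change and an orchestrator folds their outputs into the Risk Score (0–100) and the APPROVE/REJECT decision. The agent heuristics, the approval threshold, the max-based aggregation and the fail-closed handling of a crashed agent are all assumptions; the sample change is constructed.

```python
import re
from dataclasses import dataclass, field

APPROVE_THRESHOLD = 40  # assumed cutoff: the page gives the 0-100 scale, not the threshold

@dataclass
class AgentResult:
    agent: str
    risk: int                          # this agent's risk estimate on the 0-100 scale
    insights: list = field(default_factory=list)
    failed: bool = False

def added_lines(change):
    return [l[1:].strip() for l in change.get("diff", "").splitlines() if l.startswith("+")]

def extractor(change):
    # Stand-in for the Extractor Agent: new pinned dependencies in the diff
    deps = [l for l in added_lines(change) if "==" in l]
    return AgentResult("extractor", 10 * len(deps), [f"new dependency: {d}" for d in deps])

SECRET_RE = re.compile(r'(?i)(api[_-]?key|secret|token)\s*=\s*["\'][^"\']{8,}["\']')
def validator(change):
    # Stand-in for the Validator Agent: a hardcoded credential is a high-risk finding
    hits = [l for l in added_lines(change) if SECRET_RE.search(l)]
    return AgentResult("validator", 90 if hits else 0, [f"possible hardcoded credential: {h}" for h in hits])

def reviewer(change):
    # Stand-in for the Reviewer Agent: a change that touches no tests is a quality risk
    has_tests = any("test" in f for f in change.get("files", []))
    return AgentResult("reviewer", 0 if has_tests else 25, [] if has_tests else ["no tests changed"])

def run_agent(fn, change):
    try:
        return fn(change)
    except Exception as exc:
        # Fail closed: an agent that cannot run (API failure, timeout) counts as maximum risk
        return AgentResult(fn.__name__, 100, [f"{fn.__name__} failed: {exc}"], failed=True)

def orchestrate(change, agents=(extractor, validator, reviewer)):
    results = [run_agent(a, change) for a in agents]
    # Take the maximum so one critical finding cannot be averaged away by clean agents
    score = min(100, max(r.risk for r in results))
    decision = "APPROVE" if score < APPROVE_THRESHOLD else "REJECT"
    return {"risk_score": score, "decision": decision,
            "insights": [i for r in results for i in r.insights]}

# Constructed sample merge-request change, not taken from the project
SAMPLE_CHANGE = {"files": ["app/config.py", "requirements.txt"],
                 "diff": '+requests==2.31.0\n+API_KEY = "sk-constructed-example-1234"\n'}
```

Calling `orchestrate(SAMPLE_CHANGE)` yields a risk score of 90 and a REJECT decision driven by the validator's credential finding, while an agent that raises is recorded as a failed result and forces REJECT rather than being silently skipped.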


Challenges we ran into

  • Integrating multiple agents into a single coherent workflow
  • Handling API failures and network instability during pipeline execution
  • Ensuring compatibility with GitLab runners and CI policies
  • Working with enforced GitLab CI validation constraints (AI catalog validation)
  • Balancing robustness with simplicity for a hackathon timeline

Accomplishments that we're proud of

  • Built a true multi-agent DevSecOps system integrated with GitLab
  • Implemented GitLab Duo Agent Flow for orchestration
  • Achieved end-to-end automation from code input to decision output
  • Integrated CI/CD pipelines with intelligent AI-based validation
  • Designed a scalable and modular architecture
  • Successfully deployed backend services on Cloud Run

What we learned

  • Designing effective multi-agent systems requires clear role separation and orchestration logic
  • Event-driven workflows are essential for modern DevOps automation
  • Robust error handling is critical for production-ready AI systems
  • GitLab pipelines can be extended into intelligent decision-making systems
  • CI policy constraints can impact integration and require adaptive solutions

What's next for DevSecOps ML Gatekeeper

  • Integrate real static analysis and security scanning tools
  • Add advanced risk scoring and confidence metrics
  • Develop a dashboard for visualizing agent outputs
  • Enable automated remediation for detected issues
  • Integrate directly with GitLab APIs for live PR analysis
  • Expand into a full AI-driven DevSecOps platform

GitLab Integration

This project integrates deeply with GitLab:

  • GitLab CI/CD pipelines for automated execution
  • GitLab Duo Agent Flow for multi-agent orchestration
  • Merge request-based workflow triggering validation
  • AI catalog integration attempted (partially simulated due to CI policy constraints)

Project Repository

The complete source code is available in the GitLab AI Hackathon group repository:

https://gitlab.com/gitlab-ai-hackathon/participants/34557810

Due to repository permission constraints, visibility changes are managed by hackathon administrators.
