METHODS FOR ADAPTIVE PRIORITIZATION OF REGRESSION TESTING IN DEVSECOPS ENVIRONMENTS CONSIDERING INFORMATION SECURITY RISKS OF ONLINE SERVICES

Abstract

Modern online services, particularly government digital platforms, operate under conditions of high development dynamics and increased cyber threats, which necessitates the integration of security considerations into the software testing process. This paper addresses the problem of regression test prioritization in DevSecOps environments, where time and resource constraints within CI/CD pipelines make it infeasible to execute the entire test suite. An analysis of contemporary regression test prioritization methods is conducted, including approaches based on code coverage, defect history, previous test execution results, risk assessment, heuristic algorithms, and machine learning techniques. Their strengths and limitations are identified in terms of fault detection effectiveness, adaptability, implementation complexity, and suitability for CI/CD environments. Particular attention is given to evaluating the extent to which information security risks are considered within each approach. It is established that most existing methods primarily focus on the detection of functional defects and do not incorporate security factors as an independent prioritization criterion, which may result in overlooking components critical from a security perspective. Based on the comparative analysis, key limitations of current approaches are identified, including the lack of integration with security analysis tools, reliance on indirect quality indicators, insufficient adaptability to evolving threat landscapes, and neglect of system usage context. The necessity of developing adaptive regression test prioritization approaches that integrate security metrics into the decision-making process is substantiated.