Graph-Based Control-Impact Modeling for Predictive Change-Risk Mitigation in Regulated DevOps Pipelines
Author(s): Amol Diwakar Agade, Samta Balpande
Publication #: 2602024
Date of Publication: 05.02.2022
Country: United States
Pages: 1-15
Published In: Volume 8 Issue 1 February-2022
DOI: https://doi.org/10.62970/IJIRCT.v8.i1.2602024
Abstract
Regulated enterprises increasingly ship software through CI/CD, infrastructure as code (IaC), and policy as code, yet they must still satisfy audit-ready controls and narrow operational windows. In banking, deployment risk clusters around market cycles and settlement cutovers; in electric utilities, it concentrates around peak-load operations and maintenance windows where grid reliability obligations constrain change. This paper proposes a Control-Impact Graph (CIG): an explicit, auditable graph that links pipeline artifacts (source, build, IaC, configuration, and policy) to compliance controls, machine-verifiable evidence, and service outcomes. The CIG supports predictive change-risk scoring by fusing graph-derived structural features, controls-as-code signals, and AIOps indicators from logs and metrics. We use these scores to drive a risk-aware progressive delivery policy that selects canary, blue-green, staged hold, or rollback based on predicted risk, evidence completeness, and the current compliance window. Two sector-specific case studies—a banking payments/settlement flow and a utility telemetry ingestion service—illustrate patterns that improve delivery velocity without weakening the intent of existing controls.
Keywords: DevOps, DevSecOps, policy as code, controls as code, infrastructure as code, compliance automation, AIOps, risk prediction, graph learning, progressive delivery.
Download/View Count: 16
Share this Article