

Applying the SAFe methodology to integrate cybersecurity in large-scale IT projects

Title: Applying the SAFe methodology to integrate cybersecurity in large-scale IT projects
Title in English: Applying the SAFe methodology to integrate cybersecurity in large-scale IT projects
Authors: Mariia Stadnyk
Affiliation: Ternopil Ivan Puluj National Technical University, Ternopil, Ukraine
Bibliographic description (Ukrainian format): Applying the SAFe methodology to integrate cybersecurity in large-scale IT projects / Mariia Stadnyk // Scientific Journal of TNTU. — Tern.: TNTU, 2025. — Vol 120. — No 4. — P. 99–109.
Bibliographic description: Stadnyk M. (2025) Applying the SAFe methodology to integrate cybersecurity in large-scale IT projects. Scientific Journal of TNTU (Tern.), vol 120, no 4, pp. 99–109.
DOI: https://doi.org/10.33108/visnyk_tntu2025.04.099
UDC: 004.056.55:004.4.233

Keywords: Agile, SAFe, cybersecurity, DevSecOps, Built-In Quality.

Abstract: This study examines the integration of cybersecurity practices into the Scaled Agile Framework (SAFe) as a structured approach for securing large-scale IT projects. The research analyzes how DevSecOps activities (SAST, DAST, SCA, container scanning, and configuration control) strengthen the security of the Continuous Delivery Pipeline by enabling continuous vulnerability detection and reducing human-factor risks. Threat modeling methods, including STRIDE, PASTA, and LINDDUN, are evaluated for their effectiveness in identifying security risks at early design stages and informing architectural decisions. The study also highlights the role of Zero Trust principles, Architecture Decision Records, and Security Enablers in ensuring a resilient system architecture. Additional mechanisms, such as Security Backlog Items, enhanced Definition of Done criteria, and compliance tasks aligned with ISO/IEC 27001, GDPR, PCI DSS, and HIPAA, were shown to support regulatory adherence. The involvement of Security Champions significantly improves communication between development teams and security experts, fostering a stronger security culture. Overall, the findings demonstrate that SAFe provides a comprehensive foundation for integrating cybersecurity across organizational levels, thereby improving product reliability and operational resilience.
ISSN: 2522-4433

All rights reserved © 2019. Ternopil Ivan Puluj National Technical University.