{"id":"https://openalex.org/W7116854579","doi":"https://doi.org/10.1145/3727967.3756841","title":"Comparative Analysis of AI-Driven Security Approaches in DevSecOps: Challenges, Solutions, and Future Directions","display_name":"Comparative Analysis of AI-Driven Security Approaches in DevSecOps: Challenges, Solutions, and Future Directions","publication_year":2025,"publication_date":"2025-06-17","ids":{"openalex":"https://openalex.org/W7116854579","doi":"https://doi.org/10.1145/3727967.3756841"},"language":null,"primary_location":{"id":"doi:10.1145/3727967.3756841","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756841","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3727967.3756841","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042308198","display_name":"Farid Binbeshr","orcid":"https://orcid.org/0000-0001-8630-1784"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Farid Binbeshr","raw_affiliation_strings":["Interdisciplinary Research Center for Intelligent Secure Systems, King Fahd University of Petroleum and Minerals, Dhahran, Eastren Province, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-8630-1784","affiliations":[{"raw_affiliation_string":"Interdisciplinary Research Center for Intelligent Secure Systems, King Fahd University of Petroleum and Minerals, Dhahran, Eastren Province, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103345725","display_name":"M. Mudasar Imam","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Muhammad Imam","raw_affiliation_strings":["Computer Engineering Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-9131-6964","affiliations":[{"raw_affiliation_string":"Computer Engineering Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5042308198"],"corresponding_institution_ids":["https://openalex.org/I134085113"],"apc_list":null,"apc_paid":null,"fwci":8.7153,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.97686171,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"142","last_page":"151"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.14180000126361847,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.14180000126361847,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.13439999520778656,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.12070000171661377,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/order","display_name":"Order (exchange)","score":0.45249998569488525},{"id":"https://openalex.org/keywords/best-practice","display_name":"Best practice","score":0.4397999942302704},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.3946000039577484},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.3720000088214874},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3682999908924103},{"id":"https://openalex.org/keywords/open-research","display_name":"Open research","score":0.364300012588501},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.31290000677108765},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.3025999963283539}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6032999753952026},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5109000205993652},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.45249998569488525},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.4397999942302704},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.3946000039577484},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37630000710487366},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.3720000088214874},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3682999908924103},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.364300012588501},{"id":"https://openalex.org/C539667460","wikidata":"https://www.wikidata.org/wiki/Q2414942","display_name":"Management science","level":1,"score":0.31839999556541443},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.31290000677108765},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.3025999963283539},{"id":"https://openalex.org/C189708586","wikidata":"https://www.wikidata.org/wiki/Q1504425","display_name":"Systematic review","level":3,"score":0.3019999861717224},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.2996000051498413},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.2987000048160553},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.28839999437332153},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.2815000116825104},{"id":"https://openalex.org/C44280652","wikidata":"https://www.wikidata.org/wiki/Q104837","display_name":"Phase (matter)","level":2,"score":0.272599995136261},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2689000070095062},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.26460000872612},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.26429998874664307},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2565000057220459},{"id":"https://openalex.org/C157170001","wikidata":"https://www.wikidata.org/wiki/Q4781507","display_name":"Applications of artificial intelligence","level":2,"score":0.25110000371932983},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3727967.3756841","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756841","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3727967.3756841","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756841","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W2296411824","https://openalex.org/W2897977956","https://openalex.org/W3001443755","https://openalex.org/W3035728199","https://openalex.org/W3036447000","https://openalex.org/W3047752424","https://openalex.org/W3150051937","https://openalex.org/W3168004025","https://openalex.org/W3193339215","https://openalex.org/W4243137961","https://openalex.org/W4281713233","https://openalex.org/W4291178743","https://openalex.org/W4297786875","https://openalex.org/W4312090294","https://openalex.org/W4312236807","https://openalex.org/W4362489974","https://openalex.org/W4367053650","https://openalex.org/W4376606606","https://openalex.org/W4389365900","https://openalex.org/W4390659396","https://openalex.org/W4391807617","https://openalex.org/W4392124691","https://openalex.org/W4392511112","https://openalex.org/W4403447101"],"related_works":[],"abstract_inverted_index":{"DevSecOps,":[0],"which":[1],"integrates":[2],"security":[3,18,36,69],"practices":[4,108],"into":[5,101],"every":[6],"phase":[7],"of":[8,67,99],"DevOps,":[9],"is":[10],"increasingly":[11],"adopted":[12],"to":[13,34,125],"balance":[14],"rapid":[15],"delivery":[16],"with":[17],"needs.":[19],"Artificial":[20],"Intelligence":[21],"(AI)":[22],"and":[23,41,81,96,117],"Machine":[24],"Learning":[25],"(ML)":[26],"techniques":[27,50],"are":[28],"frequently":[29],"applied":[30],"in":[31,51,71,89,92,110,123],"DevSecOps":[32],"pipelines":[33],"automate":[35],"checks,":[37],"improve":[38],"threat":[39],"detection,":[40],"enforce":[42],"compliance.":[43],"Yet,":[44],"most":[45],"existing":[46],"research":[47,115],"examines":[48],"these":[49],"isolation":[52],"without":[53],"comparing":[54],"approaches.":[55],"To":[56],"address":[57],"that":[58],"gap,":[59],"we":[60],"performed":[61],"a":[62],"systematic":[63],"literature":[64],"review":[65,85],"(SLR)":[66],"AI-driven":[68],"solutions":[70],"DevSecOps.":[72,128],"We":[73,104],"evaluated":[74],"each":[75],"approach\u2019s":[76],"technical":[77],"capabilities,":[78],"implementation":[79],"challenges,":[80],"operational":[82],"impact.":[83],"Our":[84],"found":[86],"notable":[87],"shortcomings":[88],"current":[90],"approaches\u2014particularly":[91],"real-world":[93],"validation,":[94],"scalability,":[95],"seamless":[97],"integration":[98],"AI":[100],"development":[102],"pipelines.":[103],"also":[105],"highlight":[106],"best":[107],"observed":[109],"the":[111],"literature,":[112],"identify":[113],"open":[114],"questions,":[116],"suggest":[118],"directions":[119],"for":[120],"future":[121],"work":[122],"order":[124],"advance":[126],"AI-enabled":[127]},"counts_by_year":[{"year":2026,"cited_by_count":3}],"updated_date":"2025-12-23T23:15:37.779995","created_date":"2025-12-23T00:00:00"}