{"id":"https://openalex.org/W7127646430","doi":"https://doi.org/10.1145/3785520.3785525","title":"Systematic Review of Identity-Centric Security in Cloud-Native CI/CD Pipelines","display_name":"Systematic Review of Identity-Centric Security in Cloud-Native CI/CD Pipelines","publication_year":2025,"publication_date":"2025-11-26","ids":{"openalex":"https://openalex.org/W7127646430","doi":"https://doi.org/10.1145/3785520.3785525"},"language":null,"primary_location":{"id":"doi:10.1145/3785520.3785525","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3785520.3785525","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3785520.3785525?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 10th International Conference on Cloud Computing and Internet of Things","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3785520.3785525?download=true","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091239061","display_name":"Sabbir M. Saleh","orcid":"https://orcid.org/0000-0001-9944-2615"},"institutions":[{"id":"https://openalex.org/I125749732","display_name":"Western University","ror":"https://ror.org/02grkyz14","country_code":"CA","type":"education","lineage":["https://openalex.org/I125749732"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Sabbir M. Saleh","raw_affiliation_strings":["Computer Science, University of Western Ontario, London, ON, Canada,"],"raw_orcid":"https://orcid.org/0000-0001-9944-2615","affiliations":[{"raw_affiliation_string":"Computer Science, University of Western Ontario, London, ON, Canada,","institution_ids":["https://openalex.org/I125749732"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000893987","display_name":"Nazim H. Madhavji","orcid":"https://orcid.org/0009-0006-5207-3203"},"institutions":[{"id":"https://openalex.org/I125749732","display_name":"Western University","ror":"https://ror.org/02grkyz14","country_code":"CA","type":"education","lineage":["https://openalex.org/I125749732"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Nazim H. Madhavji","raw_affiliation_strings":["Computer Science, University of Western Ontario, London, ON, Canada,"],"raw_orcid":"https://orcid.org/0009-0006-5207-3203","affiliations":[{"raw_affiliation_string":"Computer Science, University of Western Ontario, London, ON, Canada,","institution_ids":["https://openalex.org/I125749732"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031430369","display_name":"John Steinbacher","orcid":null},"institutions":[{"id":"https://openalex.org/I4210113654","display_name":"IBM (Canada)","ror":"https://ror.org/025sxka56","country_code":"CA","type":"company","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210113654"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"John Steinbacher","raw_affiliation_strings":["Cloud Division, IBM Canada Lab, Markham, ON, Canada,"],"raw_orcid":"https://orcid.org/0009-0001-6572-6326","affiliations":[{"raw_affiliation_string":"Cloud Division, IBM Canada Lab, Markham, ON, Canada,","institution_ids":["https://openalex.org/I4210113654"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.78422715,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"23","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.20260000228881836,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.20260000228881836,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.12070000171661377,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.11999999731779099,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.5504000186920166},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5440000295639038},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4767000079154968},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.46380001306533813},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4235999882221222},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.42289999127388},{"id":"https://openalex.org/keywords/identity","display_name":"Identity (music)","score":0.39750000834465027},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.39570000767707825}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7333999872207642},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.616599977016449},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.5504000186920166},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5440000295639038},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4767000079154968},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.46380001306533813},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4235999882221222},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.42289999127388},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.39750000834465027},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.39570000767707825},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.3817000091075897},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.38119998574256897},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.34470000863075256},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.34450000524520874},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.33649998903274536},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.3149000108242035},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2944999933242798},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2849000096321106},{"id":"https://openalex.org/C2778062554","wikidata":"https://www.wikidata.org/wiki/Q3404031","display_name":"Security community","level":2,"score":0.27219998836517334},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.27059999108314514},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.26919999718666077},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.2662000060081482},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.26600000262260437}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3785520.3785525","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3785520.3785525","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3785520.3785525?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 10th International Conference on Cloud Computing and Internet of Things","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3785520.3785525","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3785520.3785525","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3785520.3785525?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 10th International Conference on Cloud Computing and Internet of Things","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7870138883590698}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7127646430.pdf","grobid_xml":"https://content.openalex.org/works/W7127646430.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W1543369828","https://openalex.org/W1975675278","https://openalex.org/W2019672983","https://openalex.org/W2086585882","https://openalex.org/W2520368837","https://openalex.org/W2560438049","https://openalex.org/W2763950196","https://openalex.org/W2773120226","https://openalex.org/W2937086237","https://openalex.org/W3010829453","https://openalex.org/W3018067527","https://openalex.org/W3109094705","https://openalex.org/W3165728054","https://openalex.org/W3186243894","https://openalex.org/W3188584287","https://openalex.org/W4223981499","https://openalex.org/W4253329728","https://openalex.org/W4280556079","https://openalex.org/W4280584462","https://openalex.org/W4285167975","https://openalex.org/W4292158527","https://openalex.org/W4293023295","https://openalex.org/W4308562555","https://openalex.org/W4381734723","https://openalex.org/W4385080362","https://openalex.org/W4386946955","https://openalex.org/W4391558525","https://openalex.org/W4399114138","https://openalex.org/W4403221959","https://openalex.org/W4404055039","https://openalex.org/W4404514821","https://openalex.org/W4404515188","https://openalex.org/W4404579260","https://openalex.org/W4404628324","https://openalex.org/W4405520320","https://openalex.org/W4406134299","https://openalex.org/W4409640213","https://openalex.org/W4415026052","https://openalex.org/W4415746249"],"related_works":[],"abstract_inverted_index":{"As":[0],"cloud-native":[1,154],"CI/CD":[2,34,155],"pipelines":[3],"automate":[4],"software":[5],"delivery":[6],"at":[7],"scale,":[8],"identity-centric":[9,142],"security":[10],"has":[11],"become":[12],"a":[13,19,57,136],"critical":[14],"concern.":[15],"This":[16],"paper":[17],"reports":[18],"systematic":[20],"literature":[21],"review":[22,113],"of":[23],"59":[24],"peer-reviewed":[25],"studies":[26],"that":[27,106],"examine":[28],"authentication":[29],"and":[30,50,61,77,101,109,120,145],"authorisation":[31],"(AuthN/AuthZ)":[32],"in":[33,117,153],"workflows.":[35],"We":[36,54],"synthesise":[37],"key":[38],"vulnerability":[39,59],"classes,":[40],"including":[41,93],"token":[42],"theft,":[43],"privilege":[44],"escalation,":[45],"session":[46],"hijacking,":[47],"supply-chain":[48],"abuse,":[49],"misaligned":[51],"microservice":[52],"identities.":[53],"then":[55],"introduce":[56],"CI/CD-specific":[58],"taxonomy":[60],"systematically":[62],"map":[63],"established":[64],"mechanisms":[65],"such":[66],"as":[67,123,125],"OAuth":[68],"2.0,":[69],"Kerberos,":[70],"SAML,":[71],"mTLS,":[72],"RBAC/ABAC,":[73],"XACML,":[74],"API":[75],"gateways,":[76],"MFA":[78],"to":[79,128],"the":[80,86],"attack":[81],"vectors":[82],"they":[83],"mitigate":[84],"across":[85],"pipeline.":[87],"Finally,":[88],"we":[89],"analyse":[90],"emerging":[91],"trends,":[92],"Zero-Trust":[94],"Architecture,":[95],"decentralised":[96],"identity,":[97],"service-mesh-based":[98],"access":[99,152],"control,":[100],"cryptographically":[102],"anchored":[103],"identity":[104,131],"models":[105],"use":[107],"blockchain":[108],"self-sovereign":[110],"identity.":[111],"The":[112],"exposes":[114],"persistent":[115],"gaps":[116],"configuration,":[118],"observability,":[119],"runtime":[121],"enforcement,":[122],"well":[124],"organisational":[126],"barriers":[127],"adopting":[129],"stronger":[130],"controls.":[132],"Our":[133],"findings":[134],"provide":[135],"structured":[137],"foundation":[138],"for":[139,150],"designing":[140],"trustworthy,":[141],"DevSecOps":[143],"practices":[144],"highlight":[146],"concrete":[147],"research":[148],"directions":[149],"securing":[151],"environments.":[156]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-02-06T00:00:00"}
