{"id":"https://openalex.org/W7166874727","doi":"https://doi.org/10.1145/3805773.3806003","title":"SafeAIMerge: A Tool for Integrating DAST and LLM-Generated Security Feedback into GitHub Actions Workflows","display_name":"SafeAIMerge: A Tool for Integrating DAST and LLM-Generated Security Feedback into GitHub Actions Workflows","publication_year":2026,"publication_date":"2026-06-30","ids":{"openalex":"https://openalex.org/W7166874727","doi":"https://doi.org/10.1145/3805773.3806003"},"language":null,"primary_location":{"id":"doi:10.1145/3805773.3806003","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3805773.3806003","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM Secure Development Conference","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3805773.3806003","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5099127713","display_name":"Arpit Thool","orcid":"https://orcid.org/0009-0003-8132-2887"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Arpit Thool","raw_affiliation_strings":["Virginia Tech, Computer Science, Blacksburg, USA"],"raw_orcid":"https://orcid.org/0009-0003-8132-2887","affiliations":[{"raw_affiliation_string":"Virginia Tech, Computer Science, Blacksburg, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020005323","display_name":"Justin Smith","orcid":"https://orcid.org/0000-0001-6987-5196"},"institutions":[{"id":"https://openalex.org/I184759092","display_name":"Lafayette College","ror":"https://ror.org/036n0x007","country_code":"US","type":"education","lineage":["https://openalex.org/I184759092"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Justin Smith","raw_affiliation_strings":["Lafayette College, Computer Science, Easton, USA"],"raw_orcid":"https://orcid.org/0000-0001-6987-5196","affiliations":[{"raw_affiliation_string":"Lafayette College, Computer Science, Easton, USA","institution_ids":["https://openalex.org/I184759092"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101487551","display_name":"Chris Brown","orcid":"https://orcid.org/0000-0002-6036-4733"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chris Brown","raw_affiliation_strings":["Virginia Tech, Computer Science, Blacksburg, USA"],"raw_orcid":"https://orcid.org/0000-0002-6036-4733","affiliations":[{"raw_affiliation_string":"Virginia Tech, Computer Science, Blacksburg, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"135","last_page":"146"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5382999777793884,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5382999777793884,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.10920000076293945,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.09910000115633011,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.8338000178337097},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.6987000107765198},{"id":"https://openalex.org/keywords/formative-assessment","display_name":"Formative assessment","score":0.5796999931335449},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.4943000078201294},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.39890000224113464},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.36570000648498535},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.3328000009059906},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.3321000039577484}],"concepts":[{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.8338000178337097},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7383999824523926},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.6987000107765198},{"id":"https://openalex.org/C42525527","wikidata":"https://www.wikidata.org/wiki/Q1209955","display_name":"Formative assessment","level":2,"score":0.5796999931335449},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.4943000078201294},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.491100013256073},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.39890000224113464},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.36570000648498535},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.34040001034736633},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3328000009059906},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.3321000039577484},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.32269999384880066},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.32249999046325684},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3176000118255615},{"id":"https://openalex.org/C19527686","wikidata":"https://www.wikidata.org/wiki/Q1665453","display_name":"System integration","level":2,"score":0.2809000015258789},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.27900001406669617},{"id":"https://openalex.org/C26760741","wikidata":"https://www.wikidata.org/wiki/Q160402","display_name":"Perception","level":2,"score":0.2777000069618225},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.27549999952316284},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.27399998903274536},{"id":"https://openalex.org/C2776397876","wikidata":"https://www.wikidata.org/wiki/Q1450531","display_name":"Cyberinfrastructure","level":2,"score":0.272599995136261},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.267300009727478},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2669999897480011}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3805773.3806003","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3805773.3806003","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM Secure Development Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3805773.3806003","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3805773.3806003","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM Secure Development Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W160180318","https://openalex.org/W1512705235","https://openalex.org/W2007164980","https://openalex.org/W2084429940","https://openalex.org/W2112657059","https://openalex.org/W2606791856","https://openalex.org/W2767231363","https://openalex.org/W2769453414","https://openalex.org/W2795030435","https://openalex.org/W2863384436","https://openalex.org/W2884449598","https://openalex.org/W2887657564","https://openalex.org/W2945001297","https://openalex.org/W2954184070","https://openalex.org/W2985139693","https://openalex.org/W3006185978","https://openalex.org/W3006873388","https://openalex.org/W3041504416","https://openalex.org/W3088345331","https://openalex.org/W3093836561","https://openalex.org/W3173903393","https://openalex.org/W3194212450","https://openalex.org/W3202451838","https://openalex.org/W3203601245","https://openalex.org/W4233410239","https://openalex.org/W4280528532","https://openalex.org/W4286530315","https://openalex.org/W4301142158","https://openalex.org/W4312824631","https://openalex.org/W4380985821","https://openalex.org/W4392740881","https://openalex.org/W4398975153","https://openalex.org/W4408343551","https://openalex.org/W4408416916","https://openalex.org/W4409198830","https://openalex.org/W4410466153","https://openalex.org/W4411241072","https://openalex.org/W4411361637","https://openalex.org/W4414829630","https://openalex.org/W7084139843"],"related_works":[],"abstract_inverted_index":{"Continuous":[0],"integration":[1,13,176],"and":[2,8,51,55,85,97,121,157],"delivery":[3],"(CI/CD)":[4],"emphasizes":[5],"automated":[6],"workflows":[7,19,50],"rapid":[9],"deployment,":[10],"yet":[11,40],"the":[12,175],"of":[14,111,177],"security":[15,87],"practices":[16,179],"into":[17,180],"these":[18,41],"remains":[20],"a":[21,70,92,103,138],"persistent":[22],"challenge.":[23],"For":[24],"instance,":[25],"traditional":[26],"Dynamic":[27],"Application":[28],"Security":[29],"Testing":[30],"(DAST)":[31],"tools":[32],"are":[33,44,59],"effective":[34],"for":[35],"identifying":[36],"web":[37],"application":[38],"vulnerabilities,":[39],"complex":[42,56],"systems":[43],"difficult":[45,60],"to":[46,61,82,95,106,125,144,162,173],"integrate":[47],"in":[48,129,147],"CI/CD":[49],"often":[52],"produce":[53],"lengthy":[54],"reports":[57],"that":[58,72],"understand.":[62],"To":[63],"address":[64],"this":[65],"gap,":[66],"we":[67,101,170],"present":[68],"SafeAIMerge,":[69],"tool":[71,113,128],"integrates":[73],"DAST":[74,164,178],"within":[75],"GitHub":[76,188],"pull":[77],"requests":[78],"by":[79],"leveraging":[80],"LLMs":[81],"generate":[83],"actionable":[84],"developer-friendly":[86],"alert":[88],"summaries.":[89],"We":[90,117,132,150],"conducted":[91,137],"two-phase":[93],"study":[94,140],"motivate":[96],"evaluate":[98],"SafeAIMerge.":[99],"First,":[100],"distributed":[102],"formative":[104],"survey":[105],"capture":[107],"developers\u2019":[108],"initial":[109],"perceptions":[110,120],"our":[112,127,134,168],"(\ud835\udc5b":[114,141],"=":[115,142],"46).":[116],"observed":[118],"favorable":[119],"received":[122],"valuable":[123],"feedback":[124],"enhance":[126],"real-world":[130],"settings.":[131],"refined":[133],"tool,":[135],"then":[136],"user":[139],"12)":[143],"assess":[145],"SafeAIMerge":[146,152,184],"debugging":[148],"tasks.":[149],"found":[151],"reduces":[153],"perceived":[154],"developer":[155],"workload":[156],"enhances":[158],"vulnerability":[159],"remediation":[160],"compared":[161],"baseline":[163],"workflows.":[165],"Based":[166],"on":[167,187],"findings,":[169],"provide":[171],"insights":[172],"improve":[174],"modern":[181],"development":[182],"pipelines.":[183],"is":[185],"accessible":[186],"(github.com/arpitthool/SafeAIMerge).":[189]},"counts_by_year":[],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2026-07-02T00:00:00"}
