{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T14:01:12Z","timestamp":1775916072606,"version":"3.50.1"},"reference-count":145,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,11,5]],"date-time":"2024-11-05T00:00:00Z","timestamp":1730764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,11,5]],"date-time":"2024-11-05T00:00:00Z","timestamp":1730764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100017159","name":"ISCTE \u2013 Instituto Universit\u00e1rio","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100017159","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Nowadays, software development happens at a fast pace. At the same time, Information Technology organizations face higher demands and competition while struggling with external threats such as cyberattacks. Therefore, many organizations adopt DevOps as a working culture to improve their Software Development Lifecycle (SDL). However, the success of DevOps adoption remains inconsistent, and recently, IEEE introduced a DevOps standard that might help improve DevOps adoption. The standard mentions DevSecOps as the security aspect of DevOps, adding security practices to the SDL from inception, but what are these practices or capabilities? Which tools can be used to implement these practices? Therefore, a Multivocal Literature Review was performed to identify DevSecOps practices and their definitions, and which tools can be used to implement them.<\/jats:p>","DOI":"10.1007\/s10207-024-00914-z","type":"journal-article","created":{"date-parts":[[2024,11,5]],"date-time":"2024-11-05T02:01:53Z","timestamp":1730772113000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["DevSecOps practices and tools"],"prefix":"10.1007","volume":"24","author":[{"given":"Lu\u00eds","family":"Prates","sequence":"first","affiliation":[]},{"given":"R\u00faben","family":"Pereira","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,5]]},"reference":[{"key":"914_CR1","unstructured":"J. Humble and D. Farley, Continuous Delivery: Reliable Software Releases Through Build, Test, and Deployment Automation, Addison-Wesley Professional, 2010."},{"key":"914_CR2","doi-asserted-by":"crossref","unstructured":"B. Fitzgerald and K. Stol, \"Continuous Software Engineering and beyond: Trends and Challenges,\" in Proceedings of the 1st International Workshop on Rapid Continuous Software Engineering, Hyderabad, India, 2014.","DOI":"10.1145\/2593812.2593813"},{"key":"914_CR3","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-662-44879-3_8","volume":"8745","author":"J Wettinger","year":"2014","unstructured":"Wettinger, J., Breitenb\u00fccher, U., Leymann, F.: DevOpSlang \u2013 Bridging the Gap between Development and Operations. Lect. Notes Comput. Sci. 8745, 108\u2013122 (2014)","journal-title":"Lect. Notes Comput. Sci."},{"key":"914_CR4","doi-asserted-by":"crossref","unstructured":"S. K. Bang, S. Chung, Y. Choh and M. Dupuis, \"A Grounded Theory Analysis of Modern Web Applications: Knowledge, Skills, and Abilities for DevOps,\" in Proceedings of the 2nd Annual Conference on Research in Information Technology, Orlando, Florida, USA, 2013.","DOI":"10.1145\/2512209.2512229"},{"key":"914_CR5","doi-asserted-by":"crossref","unstructured":"A. Dyck, R. Penners and H. Lichter, \"Towards Definitions for Release Engineering and DevOps,\" 2015 IEEE\/ACM 3rd International Workshop on Release Engineering, p. 3, 2015.","DOI":"10.1109\/RELENG.2015.10"},{"key":"914_CR6","unstructured":"Labs, Puppet, \"2021 State of DevOps Report,\" Puppet Labs, 2021. [Online]. Available: https:\/\/media.webteam.puppet.com\/uploads\/2021\/07\/Puppet-State-of-DevOps-Report-2021.pdf. [Accessed September 2022]."},{"key":"914_CR7","unstructured":"G. Kim, \"Top 11 Things You Need to Know About DevOps,\" 2012. [Online]. Available: https:\/\/www.itrevolution.com\/wp-content\/uploads\/2012\/11\/11things.pdf. [Accessed 5 October 2022]."},{"key":"914_CR8","unstructured":"Gitlab, \"Global DevSecOps Survey Thriving in an insecure world,\" 2022. [Online]. Available: https:\/\/about.gitlab.com\/developer-survey\/. [Accessed 5 October 2022]."},{"key":"914_CR9","doi-asserted-by":"crossref","unstructured":"I. Security, Cost of a Data Breach Report 2022, 2022.","DOI":"10.12968\/S1353-4858(22)70049-9"},{"key":"914_CR10","doi-asserted-by":"crossref","unstructured":"H. Myrbakken and R. Colomo-Palacios. 2017. DevSecOps: A Multivocal Literature Review. in SPICE 2017. Communications in Computer and Information Science. Springer International Publishing. cham","DOI":"10.1007\/978-3-319-67383-7_2"},{"key":"914_CR11","unstructured":"IEEE Computer Society Software & Systems Engineering Standards Committee, \"IEEE Standard for DevOps: Building Reliable and Secure Systems Including Application Build, Package, and Deployment,\" IEEE Std 2675\u20132021, pp. 1\u201391, 2021."},{"key":"914_CR12","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/2524713.2524721","volume":"56","author":"J Roche","year":"2013","unstructured":"Roche, J.: Adopting DevOps practices in quality assurance. Commun. ACM 56, 38\u201343 (2013)","journal-title":"Commun. ACM"},{"key":"914_CR13","doi-asserted-by":"crossref","unstructured":"L. E. Lwakatare, P. Kuvaja and M. Oivo. Dimensions of devops in Agile Processes in Software Engineering and Extreme Programming: 16th International Conference, XP 2015. Helsinki. Finland.","DOI":"10.1007\/978-3-319-18612-2_19"},{"key":"914_CR14","first-page":"166","volume":"212","author":"J Smeds","year":"2015","unstructured":"Smeds, J., Nyborn, K., Pores, I.: DevOps: A Definition and Perceived Adoption Impediments. Agile Proce. Softw. Eng. Extreme Program. 212, 166\u2013177 (2015)","journal-title":"Agile Proce. Softw. Eng. Extreme Program."},{"key":"914_CR15","volume-title":"The DevOps Handbook, Portland, OR","author":"G Kim","year":"2016","unstructured":"Kim, G., Humble, J., Debois, P., Willis, J.: The DevOps Handbook, Portland, OR. IT Revolution Press, USA (2016)"},{"key":"914_CR16","doi-asserted-by":"publisher","first-page":"883","DOI":"10.1109\/TSE.2022.3166626","volume":"49","author":"R Amaro","year":"2023","unstructured":"Amaro, R., Pereira, R., da Silva, M.M.: Capabilities and practices in DevOps: a multivocal literature review. EEE Trans. Softw. Eng. 49, 883\u2013901 (2023)","journal-title":"EEE Trans. Softw. Eng."},{"key":"914_CR17","unstructured":"Google - Dora, \"DevOps Research and Assessment,\" Google, [Online]. Available: https:\/\/cloud.google.com\/architecture\/devops. [Accessed 1 June 2023]."},{"key":"914_CR18","doi-asserted-by":"crossref","unstructured":"M. Virmani. 2015. Understanding DevOps & bridging the gap from continuous integration to continuous delivery, in Fifth International Conference on the Innovative Computing Technology, Galacia, Spain.","DOI":"10.1109\/INTECH.2015.7173368"},{"key":"914_CR19","doi-asserted-by":"crossref","unstructured":"M. Senapathi, J. Buchan and H. Osman. 2018. DevOps Capabilities, Practices, and Challenges: Insights from a Case Study,\" in In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering, New York, NY, USA","DOI":"10.1145\/3210459.3210465"},{"key":"914_CR20","doi-asserted-by":"crossref","unstructured":"R. Jabbari, N. bin Ali, K. Petersen and B. Tanveer. 2016. What is DevOps? A Systematic Mapping Study on Definitions and Practices,\" in Proceedings of the Scientific Workshop Proceedings of XP2016, New York, NY, USA.","DOI":"10.1145\/2962695.2962707"},{"key":"914_CR21","doi-asserted-by":"crossref","unstructured":"L. Riungu-Kalliosaari, S. M\u00e4kinen, L. Lwakatare, J. Tiihonen and T. M\u00e4nnist\u00f6. 2016. DevOps Adoption Benefits and Challenges in Practice: A Case Study,\" Product-Focused Software Process Improvement, no Lecture Notes in Computer Science","DOI":"10.1007\/978-3-319-49094-6_44"},{"key":"914_CR22","volume-title":"DevOps is Simply Interaction Between Development and Operations,\" in First International Workshop DevOps 2018","author":"E Floris","year":"2019","unstructured":"Floris, E.: DevOps is Simply Interaction Between Development and Operations,\" in First International Workshop DevOps 2018. Chateau de Villebrumier, France (2019)"},{"key":"914_CR23","volume-title":"Software Process Improvement and Capability Determination no Communications in Computer and Information Science","author":"M S\u00e1nchez-Gord\u00f3n","year":"2018","unstructured":"S\u00e1nchez-Gord\u00f3n, M., Colomo-Palacios, R., \"Characterizing DevOps Culture: A Systematic Literature Review.: Software Process Improvement and Capability Determination no Communications in Computer and Information Science. Springer International Publishing, Cham (2018)"},{"key":"914_CR24","unstructured":"New Relic, \"New Relic: What is DevOps,\" New Relic, [Online]. Available: https:\/\/newrelic.com\/devops\/what-is-devops. [Accessed 25 June 2023]."},{"key":"914_CR25","unstructured":"Google, \"State of DevOps,\" Google, 2022. [Online]. Available: https:\/\/cloud.google.com\/devops\/state-of-devops. [Accessed 2 July 2023]."},{"key":"914_CR26","unstructured":"Dynatrace, \"State of DevOps,\" Dynatrace, 2023. [Online]. Available: https:\/\/www.dynatrace.com\/monitoring\/solutions\/devops-report\/?utm_source=google&utm_medium=cpc&utm_term=devops&utm_campaign=emea-south--devops-devops&utm_content=none&utm_campaign_id=15353438569&gclsrc=aw.ds&gclid=Cj0KCQjwkqSlBhDaARIsAFJANkhyCEp9G-PuHPWKX. [Accessed 2 July 2023]."},{"key":"914_CR27","unstructured":"A. Zaheeruddin and F. C. Shoba, \"Integrating Security with DevSecOps: Techniques and Challenges,\" in International Conference on Digitization, Sharjah, UAE, 2019."},{"key":"914_CR28","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1109\/MS.2017.3571578","volume":"34","author":"K Carter","year":"2017","unstructured":"Carter, K.: Francois Raynaud on DevSecOps. IEEE Softw. 34, 93\u201396 (2017)","journal-title":"IEEE Softw."},{"key":"914_CR29","doi-asserted-by":"crossref","unstructured":"N. Tomas, J. Li and H. Huang. 2019. An Empirical Study on Culture, Automation, Measurement, and Sharing of DevSecOps,\" in International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Oxford. UK.","DOI":"10.1109\/CyberSecPODS.2019.8884935"},{"key":"914_CR30","first-page":"6","volume":"24","author":"J Humble","year":"2011","unstructured":"Humble, J., Molesky, J.: Why enterprises must adopt devops to enable continuous delivery. Cutter IT Journal 24, 6\u201312 (2011)","journal-title":"Cutter IT Journal"},{"key":"914_CR31","volume-title":"Effective DevOps","author":"J Davis","year":"2016","unstructured":"Davis, J., Daniels, K.: Effective DevOps. O\u2019Reilly Media, USA (2016)"},{"key":"914_CR32","doi-asserted-by":"publisher","DOI":"10.1145\/2896941.2896946","volume-title":"Software Security in DevOps: Synthesizing Practitioners\u2019 Perceptions and Practices,\" in IEEE\/ACM International Workshop on Continuous Software Evolution and Delivery","author":"AAU Rahman","year":"2016","unstructured":"Rahman, A.A.U., Williams, L.: Software Security in DevOps: Synthesizing Practitioners\u2019 Perceptions and Practices,\" in IEEE\/ACM International Workshop on Continuous Software Evolution and Delivery. Austin, Texas, USA (2016)"},{"key":"914_CR33","doi-asserted-by":"crossref","unstructured":"V. Mohan and L. B. Othmane, \"SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps,\" in 11th International Conference on Availability, Reliability and Security, Salzburg, 2016.","DOI":"10.1109\/ARES.2016.92"},{"key":"914_CR34","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4302-4570-4","volume-title":"DevOps for Developers, New York","author":"M H\u00fcttermann","year":"2012","unstructured":"H\u00fcttermann, M.: DevOps for Developers, New York. Springer Science, USA (2012)"},{"key":"914_CR35","volume-title":"DevSecOps","author":"G Wilson","year":"2020","unstructured":"Wilson, G.: DevSecOps. Rethink Press, UK (2020)"},{"key":"914_CR36","volume-title":"DevOpsSec, Sebastopol, CA","author":"J Bird","year":"2016","unstructured":"Bird, J.: DevOpsSec, Sebastopol, CA. O\u2019Reilly, USA (2016)"},{"key":"914_CR37","volume-title":"Implementing DevSecOps with Docker and Kubernetes","author":"J Candel","year":"2022","unstructured":"Candel, J.: Implementing DevSecOps with Docker and Kubernetes. BPB Publications, India (2022)"},{"key":"914_CR38","unstructured":"N. MacDonald and I. Head, \"DevSecOps: How to seamlessly integrate security into devops,\" Gartner, 2016."},{"key":"914_CR39","doi-asserted-by":"crossref","unstructured":"S. Dupont, G. Ginis, M. Malacario, C. Porretti, N. Maunero, C. Ponsard and P. Massonet, \"Incremental Common Criteria Certification Processes using DevSecOps Practices,\" in IEEE European Symposium on Security and Privacy Workshops, 2021 IEEE European Symposium on Security and Privacy Workshops, 2021.","DOI":"10.1109\/EuroSPW54576.2021.00009"},{"key":"914_CR40","doi-asserted-by":"crossref","unstructured":"R. Mao, H. Zhang, Q. Dai, H. Huang, G. Rong, H. Shen, L. Chen and K. Lu. 2020.Preliminary Findings about DevSecOps from Grey Literature in IEEE 20th International Conference on Software Quality, Reliability and Security, Macau, China","DOI":"10.1109\/QRS51102.2020.00064"},{"key":"914_CR41","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1016\/j.infsof.2018.09.006","volume":"106","author":"V Garousi","year":"2017","unstructured":"Garousi, V., Felderer, M., M\u00e4ntyl\u00e4, M.: Guidelines for including the grey literature and conducting multivocal literature reviews in software engineering. Inf. Softw. Technol. 106, 101\u2013121 (2017)","journal-title":"Inf. Softw. Technol."},{"key":"914_CR42","first-page":"1","volume":"33","author":"B Kitchenham","year":"2004","unstructured":"Kitchenham, B.: Procedures for performing systematic reviews.\" Keele. UK, Keele Univ. 33, 1\u201326 (2004)","journal-title":"UK, Keele Univ."},{"key":"914_CR43","doi-asserted-by":"crossref","unstructured":"V. Garousi, M. Felderer and M. V. Mantyl. 2016. The Need for Multivocal Literature Reviews in Software Engineering: Complementing Systematic Literature Reviews with Grey Literature,\" in Proceedings of the 20th International Conference on Evaluation and Assessment in Software Engineering, Limerick, Ireland, 2016.","DOI":"10.1145\/2915970.2916008"},{"key":"914_CR44","doi-asserted-by":"publisher","first-page":"287","DOI":"10.3102\/00346543061003287","volume":"61","author":"MQ Patton","year":"1991","unstructured":"Patton, M.Q.: Towards Utility in Reviews of Multivocal Literatures. Rev. Educ. Res. 61, 287\u20132982 (1991)","journal-title":"Rev. Educ. Res."},{"key":"914_CR45","doi-asserted-by":"publisher","DOI":"10.1002\/14651858.MR000010.pub3","author":"S Hopewell","year":"2017","unstructured":"Hopewell, S., McDonald, S., Clarke, M., E. M.: Grey literature in meta-analyses of randomized trials of health care interventions.\". Cochrane database syst rev (2017). https:\/\/doi.org\/10.1002\/14651858.MR000010.pub3","journal-title":"Cochrane database syst rev"},{"key":"914_CR46","doi-asserted-by":"publisher","first-page":"1498","DOI":"10.1016\/j.jss.2012.12.052","volume":"86","author":"E Tom","year":"2013","unstructured":"Tom, E., Aurum, A., Vidgen, R.: An exploration of technical debt. J. Syst. Softw. 86, 1498\u20131516 (2013)","journal-title":"J. Syst. Softw."},{"key":"914_CR47","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.infsof.2016.04.015","volume":"76","author":"V Garousi","year":"2016","unstructured":"Garousi, V., M\u00e4ntyl\u00e4, M.V.: When and what to automate in software testing? A multi-vocal literature review. Inf. Softw. Technol. 76, 92\u2013117 (2016)","journal-title":"Inf. Softw. Technol."},{"key":"914_CR48","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13643-016-0337-y","volume":"5","author":"J Adams","year":"2016","unstructured":"Adams, J., Hillier-Brown, F.C., Moore, H.J., Lake, A.A., Araujo-Soares, V., White, M., Summerbell, C.: Searching and synthesising \u2018grey literature\u2019and \u2018grey information\u2019in public health: critical reflections on three case studies. Syst. rev. 5, 1\u201311 (2016)","journal-title":"Syst. rev."},{"key":"914_CR49","doi-asserted-by":"publisher","first-page":"265","DOI":"10.3102\/00346543061003265","volume":"61","author":"RT Ogawa","year":"1991","unstructured":"Ogawa, R.T., Malen, B.: Towards rigor in reviews of multivocal literatures: applying the exploratory case study method. Rev. Educ. Res. 61, 265\u2013286 (1991)","journal-title":"Rev. Educ. Res."},{"issue":"4","key":"914_CR50","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1111\/ijmr.12102","volume":"19","author":"RJ Adams","year":"2017","unstructured":"Adams, R.J., Smart, P., Huff, A.S.: Shades of grey: guidelines for working with the grey literature in systematic reviews for management and organizational studies. Int. j. manag. Rev. 19(4), 432\u2013454 (2017)","journal-title":"Int. j. manag. Rev."},{"key":"914_CR51","first-page":"134","volume":"23","author":"M Zaydi","year":"2020","unstructured":"Zaydi, M., Nassereddine, B.: DevSecOps practices for an agile and secure IT service management. Int. J. Inf. Decis. Sci. 23, 134\u2013149 (2020)","journal-title":"Int. J. Inf. Decis. Sci."},{"key":"914_CR52","doi-asserted-by":"crossref","unstructured":"R. N. Rajapakse, M. M. Zahedi, A. Babar and H. Shen. 2022. Challenges and solutions when adopting DevSecOps: A systematic review,\" Information and Software Technology,, vol. 141","DOI":"10.1016\/j.infsof.2021.106700"},{"key":"914_CR53","unstructured":"L. Prates, \"Prates23 - Github,\" 30 January 2023. [Online]. Available: https:\/\/github.com\/Prates23\/devsecops-practices-mlr. [Accessed 30 January 2023]."},{"key":"914_CR54","doi-asserted-by":"crossref","unstructured":"M. Christakis, T. Cottenier, A. Filieri, L. Luo, M. N. Mansur, L. Pike, N. Rosner, M. Sch\u00e4f, A. Sengupta and W. Visser. 2022. Input splitting for cloud-based static application security testing platforms in Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, New York, NY, USA, 2022.","DOI":"10.1145\/3540250.3558944"},{"key":"914_CR55","doi-asserted-by":"crossref","unstructured":"F. Angermeir, M. Voggenreiter, F. Moy\u00f3n and D. Mendez. 2021. Enterprise-driven open source software: a case study on security automation,\" In Proceedings of the 43rd International Conference on Software Engineering: Software Engineering in Practice. 278-287","DOI":"10.1109\/ICSE-SEIP52600.2021.00037"},{"key":"914_CR56","doi-asserted-by":"crossref","unstructured":"T. Rangnau, R. v. Buijtenen, F. Fransen and F. Turkmen. 2020. Continuous Security Testing: A Case Study on Integrating Dynamic Security Testing Tools in CI\/CD Pipelines,\" in EEE 24th International Enterprise Distributed Object Computing Conference (EDOC), Eindhoven, Netherlands.","DOI":"10.1109\/EDOC49727.2020.00026"},{"key":"914_CR57","doi-asserted-by":"crossref","unstructured":"S. Chalishhafshejani, B. K. Pham and M. G. Jaatun. 2022. Automating Security in a Continuous Integration Pipeline,\" Proceedings of the 7th International Conference on Internet of Things, Big Data and Security, pp. 231 - 238.","DOI":"10.5220\/0011083500003194"},{"key":"914_CR58","doi-asserted-by":"crossref","unstructured":"J. A. Morales, T. P. Scanlon, A. Volkmann, Y. Yankel and H. Ysar. 2020. Security impacts of sub-optimal DevSecOps implementations in a highly regulated environment,\" in Proceedings of the 15th International Conference on Availability, Reliability and Security, New York, NY, USA.","DOI":"10.1145\/3407023.3409186"},{"key":"914_CR59","first-page":"47","volume":"54","author":"M Chernyshev","year":"2021","unstructured":"Chernyshev, M., Baig, Z., Zeadally, S.: Cloud-native application security: risks, opportunities, and challenges in securing the evolving attack surface. Computing 54, 47\u201357 (2021)","journal-title":"Computing"},{"key":"914_CR60","doi-asserted-by":"crossref","unstructured":"D. Granata, Rak, M. and G. Salzillo. 2022. MetaSEnD: A Security Enabled Development Life Cycle Meta-Model,\" in Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3538969.3544463"},{"key":"914_CR61","doi-asserted-by":"crossref","unstructured":"P. Billawa, A. B. Tukaram, N. Ferreyra, J. Stegh\u00f6fer, R. Scandariato and G. Simhandl. 2022. SoK: Security of Microservice Applications: A Practitioners\u2019 Perspective on Challenges and Best Practices,\" in Proceedings of the 17th International Conference on Availability, Reliability and Security, New York, NY, USA, 2022.","DOI":"10.1145\/3538969.3538986"},{"key":"914_CR62","doi-asserted-by":"crossref","unstructured":"R. Desai and T. N. Nisha. 2021. Best Practices for Ensuring Security in DevOps: A Case Study Approach, Journal of Physics: Conference Series, vol. 1964, no. Advances in Computer Science Engineering, 2021.","DOI":"10.1088\/1742-6596\/1964\/4\/042045"},{"key":"914_CR63","doi-asserted-by":"crossref","unstructured":"F. Moy\u00f3n, R. Soares, M. Pinto-Albuquerque, D. Mendez and K. Beckers. 2020. Integration of Security Standards in DevOps Pipelines: An Industry Case Study, Lecture Notes in Computer Science.12562, 2020.","DOI":"10.1007\/978-3-030-64148-1_27"},{"key":"914_CR64","doi-asserted-by":"crossref","unstructured":"R. Brasoveanu, Y. Karabulut and I. Pashchenko, \"Security Maturity Self-Assessment Framework for Software Development Lifecycle,\" in Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria, 2022.","DOI":"10.1145\/3538969.3543806"},{"issue":"5","key":"914_CR65","first-page":"31","volume":"18","author":"C Woody","year":"2020","unstructured":"Woody, C., Chick, T., Reffett, A., Pavetti, S., Laughlin, R., Frye, B., Bandor, M.: DevSecOps Pipeline for Complex Software-Intensive Systems: Addressing Cybersecurity Challenges. J Syst, Cybern Inf: JSCI 18(5), 31\u201336 (2020)","journal-title":"J Syst, Cybern Inf: JSCI"},{"key":"914_CR66","doi-asserted-by":"crossref","unstructured":"H. Yasar and S. E. Teplov, \"DevSecOps In Embedded Systems: An Empirical Study Of Past Literature,\" in Proceedings of the 17th International Conference on Availability, Reliability and Security, Vienna, Austria, 2022.","DOI":"10.1145\/3538969.3544451"},{"key":"914_CR67","doi-asserted-by":"crossref","unstructured":"R. Kumar and R. Goyal. 2021. Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC),\" Innovative Data Communication Technologies and Application. Lecture Notes on Data Engineering and Communications Technologies. Springer Singapore. Singapore. 415-432","DOI":"10.1007\/978-981-15-9651-3_36"},{"key":"914_CR68","first-page":"47","volume":"10","author":"J Hong","year":"2019","unstructured":"Hong, J.: Component analysis of DevOps and DevSecOps. J. Korea Conver. Soc. 10, 47\u201353 (2019)","journal-title":"J. Korea Conver. Soc."},{"key":"914_CR69","doi-asserted-by":"crossref","unstructured":"D. Ashenden and G. Ollis. 2020. Putting the Sec in DevSecOps: Using Social Practice Theory to Improve Secure Software Development. in New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings, USA, 2020.","DOI":"10.1145\/3442167.3442178"},{"key":"914_CR70","doi-asserted-by":"crossref","unstructured":"J. Nguyen and M. Dupuis. 2019. Closing the Feedback Loop Between UX Design, Software Development, Security Engineering, and Operations, in The 20th Annual Conference on Information Technology Education, Tacoma. WA. USA","DOI":"10.1145\/3349266.3351420"},{"key":"914_CR71","volume-title":"\"BP: Security Concerns and Best Practices for Automation of Software Deployment Processes An Industrial Case Study,\" in IEEE Cybersecurity Development (SecDev)","author":"V Mohan","year":"2018","unstructured":"Mohan, V., Othmane, L.B., Kres, A.: \u201cBP: Security Concerns and Best Practices for Automation of Software Deployment Processes An Industrial Case Study,\u201d in IEEE Cybersecurity Development (SecDev). MA, USA, Cambridge (2018)"},{"key":"914_CR72","unstructured":"AWS, \"What is DevSecOps,\" AWS, [Online]. Available: https:\/\/aws.amazon.com\/what-is\/devsecops\/?nc1=h_ls. [Accessed 13 June 2023]."},{"key":"914_CR73","unstructured":"Jfrog, \"What is DevSecOps,\" Jfrog, [Online]. Available: https:\/\/jfrog.com\/devops-tools\/what-is-devsecops\/. [Accessed 11 June 2023]."},{"key":"914_CR74","unstructured":"M. Sotti, \"Ultimate DevSecOps Library,\" [Online]. Available: https:\/\/github.com\/sottlmarek\/DevSecOps. [Accessed 13 June 2023]."},{"key":"914_CR75","unstructured":"J. Hirschauer, \"Top 10 Best Practices for DevSecOps,\" Harness, 11 May 2022. [Online]. Available: https:\/\/www.harness.io\/blog\/best-practices-devsecops. [Accessed 10 June 2023]."},{"key":"914_CR76","unstructured":"K. Zettler, \"DevSecOps Tools,\" Atlassian, [Online]. Available: https:\/\/www.atlassian.com\/devops\/devops-tools\/devsecops-tools. [Accessed 10 June 2023]."},{"key":"914_CR77","doi-asserted-by":"crossref","unstructured":"T. Scanlon and J. Morales, \"Revelations from an Agile and DevSecOps Transformation in a Large Organization: An Experiential Case Study,\" in ICSSP'22: 16th International Conference on Software and System, Pittsburgh,PA, USA, 2022.","DOI":"10.1145\/3529320.3529329"},{"key":"914_CR78","unstructured":"Aquasec, \"DevSecOps Tools: 9 Ways to Integrate Security Into the SDLC,\" Aquasec, [Online]. Available: https:\/\/www.aquasec.com\/cloud-native-academy\/devsecops\/devsecops-tools\/. [Accessed 10 June 2023]."},{"key":"914_CR79","unstructured":"N. S. Gill, \"A Guide to DevSecOps Tools and Continuous Security For an Enterprise,\" Xenonstack, 16 May 2023. [Online]. Available: https:\/\/www.xenonstack.com\/blog\/devsecops-tools. [Accessed 11 June 2023]."},{"key":"914_CR80","unstructured":"D. Weeks and D. Schleen, \"DevSecOps Community Survey,\" Sonatype, 2020."},{"key":"914_CR81","unstructured":"P. Kumari, \"DevSecOps best practices and strategies you can\u2019t ignore,\" 26 June 2023. [Online]. Available: https:\/\/www.softwebsolutions.com\/resources\/devsecops-best-practices.html. [Accessed 21 December 2023]."},{"key":"914_CR82","unstructured":"V. Nastenko, \"Integrating Security in DevOps: Best Practices, Tools, and Challenges,\" 3 April 2023. [Online]. Available: https:\/\/tech-stack.com\/blog\/integrating-security-in-devops-best-practices-tools-and-challenges\/. [Accessed 20 December 2023]."},{"issue":"2","key":"914_CR83","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/s11219-023-09619-3","volume":"31","author":"F Lombardi","year":"2023","unstructured":"Lombardi, F., Fanton, A.: From DevOps to DevSecOps is not enough. CyberDevOps: an extreme shifting-left architecture to bring cybersecurity within software security lifecycle pipeline. Software Qual. J. 31(2), 619\u2013654 (2023)","journal-title":"Software Qual. J."},{"key":"914_CR84","unstructured":"A. Irwin, \"DevSecOps Best Practices Checklist,\" 9 October 2023. [Online]. Available: https:\/\/aptori.dev\/blog\/devsecops-best-practices-checklist. [Accessed 20 December 2023]."},{"key":"914_CR85","doi-asserted-by":"crossref","unstructured":"T. G. Espinha, U. Lechner and M. Pinto-Albuquerque, \"Sifu - a cybersecurity awareness platform with challenge assessment and intelligent coach,\" Cybersecurity, vol. 3, 2020.","DOI":"10.1186\/s42400-020-00064-4"},{"key":"914_CR86","doi-asserted-by":"crossref","unstructured":"Z. Seremet and K. Raki\u0107, \"Best Approach to Security in Azure Devops,\" DAAAM International Scientific Book, pp. 223\u2013230, 2021.","DOI":"10.2507\/daaam.scibook.2021.18"},{"key":"914_CR87","unstructured":"S. Ingalis, \"10 Best DevSecOps Tools,\" ESecurityPlanet, 17 May 2022. [Online]. Available: https:\/\/www.esecurityplanet.com\/products\/devsecops-tools\/. [Accessed 10 June 2023]."},{"key":"914_CR88","unstructured":"Fossa, \"5 Must-Have DevSecOps Tools,\" Fossa, [Online]. Available: https:\/\/fossa.com\/blog\/must-have-devsecops-tools\/. [Accessed 13 June 2023]."},{"key":"914_CR89","unstructured":"S. Manjaly, \"The Top 10 Best DevSecOps Tools for 2023,\" Invgate, 29 December 2022. [Online]. Available: https:\/\/blog.invgate.com\/devsecops-tools. [Accessed 10 Jube 2023]."},{"key":"914_CR90","unstructured":"S. Pickard, \"10 Best DevSecOps Tools,\" PCWDLD, [Online]. Available: https:\/\/www.pcwdld.com\/best-devsecops-tools\/. [Accessed 11 June 2023]."},{"key":"914_CR91","unstructured":"Tigera, \"16 Amazing DevSecOps Tools to Shift Your Security Left,\" Tigera, [Online]. Available: https:\/\/www.tigera.io\/learn\/guides\/devsecops\/devsecops-tools\/. [Accessed 11 June 2023]."},{"key":"914_CR92","unstructured":"E. Corrales, \"Best DevOps and DevSecOps Tools,\" Developer, 24 May 2022. [Online]. Available: https:\/\/www.developer.com\/project-management\/devsecops-tools\/. [Accessed 11 June 2023]."},{"key":"914_CR93","unstructured":"Aquasec, \"SecDevOps in Your Organization: A Practical Guide,\" [Online]. Available: https:\/\/www.aquasec.com\/cloud-native-academy\/devsecops\/secdevops\/. [Accessed 14 10 2023]."},{"key":"914_CR94","unstructured":"Synopsys, \"What is DevSecOps,\" [Online]. Available: https:\/\/www.synopsys.com\/glossary\/what-is-devsecops.html. [Accessed 13 June 2023]."},{"key":"914_CR95","unstructured":"Gitlab, \"Mapping the DevSecOps Landscape,\" Gitlab, 2020."},{"key":"914_CR96","unstructured":"Gitlab, \"A maturing DevSecOps landscape,\" Gitlab, 2021."},{"key":"914_CR97","unstructured":"Contrast Security, \"The State Of DevSecOps Report,\" Contrast Security, 2021."},{"key":"914_CR98","doi-asserted-by":"crossref","unstructured":"S. Nocera, S. Romano, R. Francese and G. Scanniello. 2023. A Large-scale Fine-grained Empirical Study on Security Concerns in Open-source Software, in 9th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), Durres,Albania,.","DOI":"10.1109\/SEAA60479.2023.00069"},{"key":"914_CR99","doi-asserted-by":"crossref","unstructured":"M. A. Aljohani and S. S. Alqahtani. 2023. A Unified Framework for Automating Software Security Analysis in DevSecOps,\" in International Conference on Smart Computing and Application (ICSCA), Hail, Saudi Arabia","DOI":"10.1109\/ICSCA57840.2023.10087568"},{"key":"914_CR100","doi-asserted-by":"crossref","unstructured":"L. A. Nikolov and A. P. Aleksieva-Petrova. 2023. Action Research on the DevSecOps Pipeline in International Scientific Conference on Computer Science (COMSCI), Sozopol, Bulgaria, 2023.","DOI":"10.1109\/COMSCI59259.2023.10315920"},{"key":"914_CR101","doi-asserted-by":"crossref","unstructured":"A. D. Tran, K. Yskout and W. Joosen. 2023. AndrAS: Automated Attack Surface Extraction for Android Applications, in EEE 23rd International Conference on Software Quality, Reliability, and Security (QRS), Chiang Mai, Thailand, 2023.","DOI":"10.1109\/QRS60937.2023.00047"},{"key":"914_CR102","doi-asserted-by":"crossref","unstructured":"M. Marandi, A. Bertia and S. Silas. 2023. Implementing and Automating Security Scanning to a DevSecOps CI\/CD Pipeline in World Conference on Communication & Computing (WCONF), Raipur, India, 2023.","DOI":"10.1109\/WCONF58270.2023.10235015"},{"key":"914_CR103","volume-title":"\"The Creation and Integration of the Technological Workflow for Software and Hardware-Software Development,\" in EEE XVI International Scientific and Technical Conference Actual Problems of Electronic Instrument Engineering (APEIE)","author":"EA Basinya","year":"2023","unstructured":"Basinya, E.A., Malyshev, E.A.: \u201cThe Creation and Integration of the Technological Workflow for Software and Hardware-Software Development,\u201d in EEE XVI International Scientific and Technical Conference Actual Problems of Electronic Instrument Engineering (APEIE). Russian Federation, Novosibirsk (2023)"},{"key":"914_CR104","doi-asserted-by":"crossref","unstructured":"M. Ji, M. Yin and Y. H. Zhou. 2023. Application of static taint analysis in RASP protection strategy,\" in Proceedings of the 2022 International Conference on Cyber Security (CSW '22), New York, NY,USA, 2023.","DOI":"10.1145\/3584714.3584723"},{"key":"914_CR105","doi-asserted-by":"crossref","unstructured":"P. Le-Thanh, T. Le-Anh and Q. Le-Trung. 2023. Research and Development of a Smart Solution for RuntimeWeb Application Self-Protection,\" in Proceedings of the 12th International Symposium on Information and Communication Technology (SOICT '23), New York, NY, USA","DOI":"10.1145\/3628797.3628901"},{"key":"914_CR106","unstructured":"W.-T. Lee and Z.-W. Liu. 2023. Microservices-based DevSecOps Platform using Pipeline and Open Source Software,\" Journal of Information Science and Engineering, vol. 39, pp. 1117\u20131128"},{"key":"914_CR107","unstructured":"R. Kimani. 2023. Implementing DevSecOps Best Practices,\" [Online]. Available: https:\/\/thenewstack.io\/devsecops-implementation-best-practices\/. [Accessed 20 December 2023]."},{"key":"914_CR108","unstructured":"Microsoft. 2023. What is DevSecOps? [Online]. Available: https:\/\/www.microsoft.com\/en-us\/security\/business\/security-101\/what-is-devsecops. [Accessed 20 December 2023]."},{"key":"914_CR109","unstructured":"Paloalto Networks. 2023. How to Transition from DevOps to DevSecOps, [Online]. Available: https:\/\/www.paloaltonetworks.com\/cyberpedia\/devops-to-devsecops. [Accessed 20 December 2023]."},{"key":"914_CR110","unstructured":"N. S. Vardhan. 2023. \"What is DevSecOps,\" 19 June 2023. [Online]. Available: https:\/\/www.opsmx.com\/blog\/what-is-devsecops\/. [Accessed 20 December 2023]."},{"key":"914_CR111","unstructured":"GuardRails. 2023. \"Maximizing Security with DevSecOps: Top 5 Mistakes to Avoid,\" 26 July 2023. [Online]. Available: https:\/\/www.guardrails.io\/blog\/maximizing-security-with-devsecops-top-5-mistakes-to-avoid\/. [Accessed 20 December 2023]."},{"key":"914_CR112","unstructured":"M. Kopacki. 2023. 5 DevSecOps best practices that can help you build secure applications, faster,\" 30 October 2023. [Online]. Available: https:\/\/www.kellton.com\/kellton-tech-blog\/devsecops-best-practices-that-helps-build-secure-applications. [Accessed 20 December 2023]."},{"key":"914_CR113","unstructured":"A. Raizada. 2023. A Deep Dive into DevSecOps Best Practices for Secure and Efficient Software Delivery,\" 2023. [Online]. Available: https:\/\/copperdigital.com\/blog\/devsecops-best-practices-secure-software-delivery\/. [Accessed 20 December 2023]."},{"key":"914_CR114","unstructured":"A. Spasojevic. 2023. What is DevSecOps,\" 2023. [Online]. Available: https:\/\/phoenixnap.com\/blog\/what-is-devsecops. [Accessed 21 December 2023]."},{"key":"914_CR115","unstructured":"R. Kolodiy. 2023. DevOps vs DevSecOps,\" 27 November 2023. [Online]. Available: https:\/\/www.techmagic.co\/blog\/devops-vs-devsecops\/. [Accessed 21 December 2023]."},{"key":"914_CR116","unstructured":"J. Peterson. 2023. Mastering SDLC Security: Best Practices, DevSecOps, and ASPM,\" 12 December 2023. [Online]. Available: https:\/\/cycode.com\/blog\/mastering-sdlc-security-best-practices\/. [Accessed 22 December 2023]."},{"key":"914_CR117","unstructured":"A. Prasad, \"DevSecOps in Modern Software Development,\" 26 October 2023. [Online]. Available: https:\/\/semaphoreci.com\/blog\/devsecops. [Accessed 22 December 2023]."},{"key":"914_CR118","unstructured":"R. Singh, \"Top DevSecOps Tools for 2023: Open Source Solutions for Enterprises,\" 16 May 2023. [Online]. Available: https:\/\/ranjaniitian.medium.com\/top-devsecops-tools-for-2023-open-source-solutions-for-enterprises-7c146f80b325. [Accessed 22 December 2023]."},{"issue":"4","key":"914_CR119","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1049\/sfw2.12132","volume":"17","author":"X Zhou","year":"2023","unstructured":"Zhou, X., Mao, R., Zhang, H.: Revisit security in the era of DevOps: An evidence-based inquiry into DevSecOps industry. IET Software 17(4), 435\u2013454 (2023)","journal-title":"IET Software"},{"key":"914_CR120","doi-asserted-by":"crossref","unstructured":"L. Verderame, L. Caviglione, R. Carbone and A. Merlo. 2023. SecCo: Automated Services to Secure Containers in the DevOps Paradigm,\" in Proceedings of the 2023 International Conference on Research in Adaptive and Convergent Systems (RACS '23), New York, NY, USA","DOI":"10.1145\/3599957.3606222"},{"key":"914_CR121","unstructured":"Gitlab, \"Global Developer Report: DevSecOps,\" Gitlab, 2019."},{"key":"914_CR122","unstructured":"E. DevOps, \"Best DevSecOps Tools for 2022 | Open Source Enterprise,\" 29 June 2022. [Online]. Available: https:\/\/medium.com\/@devops.ent\/best-devsecops-tools-for-2022-open-source-enterprise-a5d13455b90. [Accessed 11 June 2023]."},{"key":"914_CR123","doi-asserted-by":"crossref","unstructured":"C. Weir, S. Migues, M. Ware and L. Williams. 2021. Infiltrating Security into Development: Exploring theWorld\u2019s Largest Software Security Study,\" in Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Athens, Greece","DOI":"10.1145\/3468264.3473926"},{"key":"914_CR124","doi-asserted-by":"crossref","unstructured":"P. Thantharate and A. T, \"GeneticSecOps: Harnessing Heuristic Genetic Algorithms for Automated Security Testing and Vulnerability Detection in DevSecOps,\" in 6th International Conference on Contemporary Computing and Informatics (IC3I), Gautam Buddha Nagar, India, 2023.","DOI":"10.1109\/IC3I59117.2023.10398075"},{"key":"914_CR125","first-page":"2023","volume-title":"Research on Security Challenges in Cloud Environments and Solutions based on the \"security-as-Code\" Approach in CEUR Workshop Proceedings","author":"O Vakhula","year":"2023","unstructured":"Vakhula, O., Opirskyy, I., Mykhaylova, O.: Research on Security Challenges in Cloud Environments and Solutions based on the \u201csecurity-as-Code\u201d Approach in CEUR Workshop Proceedings, p. 2023. Kyiv, Ukraine (2023)"},{"key":"914_CR126","unstructured":"M. Thevarmannil, \"Top 10 DevSecOps Best Practices for 2023,\" 1 July 2023. [Online]. Available: https:\/\/www.practical-devsecops.com\/devsecops-best-practices\/. [Accessed 20 December 2023]."},{"key":"914_CR127","unstructured":"N. Rini, \"DevSecOps Best Practices to Implement,\" 12 October 2023. [Online]. Available: https:\/\/www.techrepublic.com\/article\/devsecops-best-practices\/. [Accessed 20 December 2023]."},{"key":"914_CR128","unstructured":"D. Hopper, \"7 Essential DevSecOps Best Practices Every Development Team Should Implement,\" 19 May 2023. [Online]. Available: https:\/\/www.mayhem.security\/blog\/7-essential-devsecops-best-practices-every-development-team-should-implement. [Accessed 20 December 2023]."},{"key":"914_CR129","unstructured":"G. Andrews, \"Top 8 DevSecOps Best Practices,\" 2023. [Online]. Available: https:\/\/www.akto.io\/blog\/top-8-devsecops-best-practices. [Accessed 20 December 2023]."},{"key":"914_CR130","unstructured":"Everable, \"Five Core Capabilities for Every DevSecOps Environment,\" Everable, 3 August 2022. [Online]. Available: https:\/\/www.everable.com\/blog\/five-core-capabilities-for-every-devsecops-environment. [Accessed 11 June 2023]."},{"key":"914_CR131","unstructured":"J. Marsal, \"What is DevSecOps? And what you need to do it well,\" 19 January 2023. [Online]. Available: https:\/\/www.dynatrace.com\/news\/blog\/what-is-devsecops\/. [Accessed 20 December 2023]."},{"key":"914_CR132","unstructured":"A. Baig, \"DevOps - 15 DevSecOps Best Practices,\" DevOps.com, 15 April 2022. [Online]. Available: https:\/\/devops.com\/15-devsecops-best-practices\/. [Accessed 13 June 2023]."},{"key":"914_CR133","volume-title":"Intrusion Detection for Scalable and Elastic Microservice Applications,\" in IEEE 28th Pacific Rim International Symposium on Dependable Computing (PRDC)","author":"J Flora","year":"2023","unstructured":"Flora, J., Gon\u00e7alves, P., Antunes, N.: Intrusion Detection for Scalable and Elastic Microservice Applications,\" in IEEE 28th Pacific Rim International Symposium on Dependable Computing (PRDC). Singapore, Singapore (2023)"},{"key":"914_CR134","volume-title":"\"Overcoming New Technologies Challenges in IoT Security Labs: Strategies for Effective Adaptation,\" in IFIP Networking Conference (IFIP Networking)","author":"D Simopoulos","year":"2023","unstructured":"Simopoulos, D., Wolf, A.: \u201cOvercoming New Technologies Challenges in IoT Security Labs: Strategies for Effective Adaptation,\u201d in IFIP Networking Conference (IFIP Networking). Barcelone, Spain (2023)"},{"key":"914_CR135","doi-asserted-by":"crossref","unstructured":"J. A. Morales and H. Yasar, \"Experiences with Secure Pipelines in Highly Regulated Environments,\" In: Proceedings of the 18th International Conference on Availability, Reliability and Security, New York, NY, USA, 2023.","DOI":"10.1145\/3600160.3605466"},{"key":"914_CR136","doi-asserted-by":"crossref","unstructured":"E. Villanueva, I. Torres, E. Osaba, S. Canzoneri, A. Franchini and L. Blasi, \"PIACERE Integrated Development Environment. In: Proceedings of the 3rd Eclipse Security, AI, Architecture and Modelling Conference on Cloud to Edge Continuum (ESAAM '23), New York, NY, USA, 2023.","DOI":"10.1145\/3624486.3624507"},{"key":"914_CR137","doi-asserted-by":"crossref","unstructured":"M. S\u00e1nchez-Gord\u00f3n and R. Colomo-Palacios, \"Security as Culture: A Systematic Literature Review of DevSecOps,\" In: ICSEW'20 Proceedings of the IEEE\/ACM 42nd International Conference on Software Engineering Workshops, Seoul, Republic of Korea, 2020.","DOI":"10.1145\/3387940.3392233"},{"key":"914_CR138","unstructured":"Codacy, \"What Is DevSecOps? Shift Security Left in Your DevOps Lifecycle,\" 7 November 2023. [Online]. Available: https:\/\/blog.codacy.com\/what-is-devsecops. [Accessed 21 December 2023]."},{"key":"914_CR139","doi-asserted-by":"crossref","unstructured":"P. R. Reddy Konala and V. B. D. Kumar. 2023. SoK: Static Configuration Analysis in Infrastructure as Code Scripts, in IEEE International Conference on Cyber Security and Resilience (CSR). Venice. Italy.","DOI":"10.1109\/CSR57506.2023.10224925"},{"key":"914_CR140","first-page":"3536","volume":"49","author":"A Rahman","year":"2023","unstructured":"Rahman, A., Parnin, C.: Detecting and characterizing propagation of security weaknesses in puppet-based infrastructure management. IEEE Trans. Softw. Eng. 49, 3536\u20133553 (2023)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"914_CR141","unstructured":"Trustradius, \"DevSecOps Tools,\" Trustradius, [Online]. Available: https:\/\/www.trustradius.com\/devsecops. [Accessed 20 11 2023]."},{"key":"914_CR142","unstructured":"M. Thevarmannil, \"Best DevSecOps Tools List for 2024,\" 27 April 2023. [Online]. Available: https:\/\/www.practical-devsecops.com\/devsecops-tools\/. [Accessed 22 December 2023]."},{"key":"914_CR143","doi-asserted-by":"publisher","first-page":"112063","DOI":"10.1016\/j.jss.2024.112063","volume":"22","author":"X Zhao","year":"2024","unstructured":"Zhao, X., Clear, T., Lal, R.: Identifying the primary dimensions of DevSecOps: A multi-vocal literature review. J. Syst. Softw. 22, 112063 (2024)","journal-title":"J. Syst. Softw."},{"key":"914_CR144","doi-asserted-by":"publisher","first-page":"127","DOI":"10.30574\/wjaets.2024.11.2.0093","volume":"11","author":"O Abiona","year":"2024","unstructured":"Abiona, O., Oladapo, O., Modupe, O., Oyeniran, O., Adewusi, A., Komolafe, A.: The emergence and importance of DevSecOps: Integrating and reviewing security practices within the DevOps pipeline. World J. Adv. Eng. Techn. Sci. 11, 127\u2013133 (2024)","journal-title":"World J. Adv. Eng. Techn. Sci."},{"key":"914_CR145","doi-asserted-by":"crossref","unstructured":"N. Bernardino, B. Sequeira, E. Piza, F. Henriques, F. Neves and C. I. Reis. 2024. Enhancing DevSecOps: Three Custom Tools for Continuous Security,\" in IEEE 11th International Conference on Cyber Security and Cloud Computing (CSCloud). Shanghai. China","DOI":"10.1109\/CSCloud62866.2024.00017"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00914-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00914-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00914-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T15:25:51Z","timestamp":1739373951000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00914-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,5]]},"references-count":145,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["914"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00914-z","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,5]]},"assertion":[{"value":"16 October 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 November 2024","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interests"}}],"article-number":"11"}}