{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T13:02:39Z","timestamp":1772197359771,"version":"3.50.1"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T00:00:00Z","timestamp":1772150400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T00:00:00Z","timestamp":1772150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100006196","name":"University of Oulu","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100006196","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Autom Softw Eng"],"published-print":{"date-parts":[[2026,12]]},"DOI":"10.1007\/s10515-026-00600-5","type":"journal-article","created":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T12:11:44Z","timestamp":1772194304000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Generative AI as an infrastructure copilot: automating Infrastructure-As-Code across the DevSecOps 
lifecycle"],"prefix":"10.1007","volume":"33","author":[{"given":"Matteo","family":"Esposito","sequence":"first","affiliation":[]},{"given":"Mikel","family":"Robredo","sequence":"additional","affiliation":[]},{"given":"Alexander","family":"Bakhtin","sequence":"additional","affiliation":[]},{"given":"Davide","family":"Taibi","sequence":"additional","affiliation":[]},{"given":"Valentina","family":"Lenarduzzi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,27]]},"reference":[{"key":"600_CR1","doi-asserted-by":"publisher","unstructured":"Akbar, M.A., Esposito, M., Hyrynsalmi, S., et al.: 6GSoft: Software for Edge-to-Cloud Continuum. In: 2024 50th Euromicro Conference on Software Engineering and Advanced Applications (SEAA). IEEE Computer Society, Los Alamitos, CA, USA, pp. 499\u2013506 (2024). https:\/\/doi.org\/10.1109\/SEAA64295.2024.00082, https:\/\/doi.ieeecomputersociety.org\/10.1109\/SEAA64295.2024.00082","DOI":"10.1109\/SEAA64295.2024.00082"},{"key":"600_CR2","unstructured":"Akgul, O., Eghtesad, T., Elazari, A., et al.: Bug Hunters\u2019 perspectives on the challenges and benefits of the bug bounty ecosystem. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 2275\u20132291 (2023) https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/akgul"},{"key":"600_CR3","doi-asserted-by":"publisher","unstructured":"Amershi, S., Begel, A., Bird, C., et al.: Software engineering for machine learning: A case study. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), IEEE, pp. 291\u2013300 (2019) https:\/\/doi.org\/10.1109\/ICSE-SEIP.2019.00042","DOI":"10.1109\/ICSE-SEIP.2019.00042"},{"key":"600_CR4","doi-asserted-by":"publisher","unstructured":"Artac, M., Borovssak, T., Di Nitto, E., et al.: Devops: introducing infrastructure-as-code. 
In: 2017 IEEE\/ACM 39th International Conference on Software Engineering Companion (ICSE-C), IEEE, pp. 497\u2013498 (2017) https:\/\/doi.org\/10.1109\/ICSE-C.2017.162","DOI":"10.1109\/ICSE-C.2017.162"},{"issue":"6","key":"600_CR5","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/s10664-023-10380-1","volume":"28","author":"O Asare","year":"2023","unstructured":"Asare, O., Nagappan, M., Asokan, N.: Is github\u2019s copilot as bad as humans at introducing vulnerabilities in code? Empir. Softw. Eng. 28(6), 129 (2023) https:\/\/doi.org\/10.1007\/s10664-023-10380-1","journal-title":"Empir. Softw. Eng."},{"key":"600_CR6","unstructured":"Chanus, T., Aubertin, M.: Llm and infrastructure as a code use case (2023). arXiv preprint arXiv:2309.01456"},{"key":"600_CR7","unstructured":"CIS.: Cis benchmarks (2018). https:\/\/www.cisecurity.org\/cis-benchmarks\/, accessed: 2025\u201305-30"},{"key":"600_CR8","doi-asserted-by":"crossref","unstructured":"Ekoramaradhya, M., Thorpe, C.: A novel devsecops model for robust security in an mqtt internet of things. In: International Conference on Cyber Warfare and Security, pp. 63\u201371 (2022) https:\/\/www.proquest.com\/conference-papers-proceedings\/novel-devsecops-model-robust-security-mqtt\/docview\/2681923740\/se-2","DOI":"10.34190\/iccws.17.1.31"},{"key":"600_CR9","doi-asserted-by":"publisher","unstructured":"Esposito, M., Falessi, D.: Validate: A deep dive into vulnerability prediction datasets. Inf. Softw. Technol., p. 107448 (2024) https:\/\/doi.org\/10.1016\/j.infsof.2024.107448","DOI":"10.1016\/j.infsof.2024.107448"},{"key":"600_CR10","doi-asserted-by":"publisher","unstructured":"Esposito, M., Palagiano, F.: Leveraging large language models for preliminary security risk analysis: A mission-critical case study. In: Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, pp. 
442\u2013445 (2024) https:\/\/doi.org\/10.1145\/3661167.3661226","DOI":"10.1145\/3661167.3661226"},{"key":"600_CR11","doi-asserted-by":"publisher","unstructured":"Esposito, M., Falaschi, V., Falessi, D.: An extensive comparison of static application security testing tools. In: International Conference on Evaluation and Assessment in Software Engineering, pp. 69\u201378 (2024a) https:\/\/doi.org\/10.1145\/3661167.3661199","DOI":"10.1145\/3661167.3661199"},{"key":"600_CR12","doi-asserted-by":"publisher","unstructured":"Esposito, M., Palagiano, F., Lenarduzzi, V., et al.: Beyond words: On large language models actionability in mission-critical risk analysis. In: International Symposium on Empirical Software Engineering and Measurement, pp. 517\u2013527 (2024b) https:\/\/doi.org\/10.1145\/3674805.3695401","DOI":"10.1145\/3674805.3695401"},{"key":"600_CR13","doi-asserted-by":"publisher","unstructured":"Esposito, M., Palagiano, F., Lenarduzzi, V., et al.: On large language models in mission-critical it governance: Are we ready yet? In: 2025 IEEE\/ACM 47th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), pp. 504\u2013515 (2025a). https:\/\/doi.org\/10.1109\/ICSE-SEIP66354.2025.00050","DOI":"10.1109\/ICSE-SEIP66354.2025.00050"},{"key":"600_CR14","doi-asserted-by":"publisher","unstructured":"Esposito, M., Robredo, M., Fontana, F.A., et al.: On the correlation between architectural smells and static analysis warnings. Software Qual. J. (2025). https:\/\/doi.org\/10.1007\/s11219-025-09730-7","DOI":"10.1007\/s11219-025-09730-7"},{"key":"600_CR15","doi-asserted-by":"publisher","unstructured":"Esposito, M., Bakhtin, A., Ahmad, N., et al.: Autonomic microservice management via agentic ai and mape-k integration. In: Software Architecture. ECSA 2025 Tracks and Workshops. Springer Nature Switzerland, Cham, pp. 
105\u2013118 (2025) https:\/\/doi.org\/10.1007\/978-3-032-04403-7_11","DOI":"10.1007\/978-3-032-04403-7_11"},{"key":"600_CR16","doi-asserted-by":"crossref","unstructured":"Esposito, M., Li, X., Moreschini, S., et al.: Generative ai for software architecture. applications, challenges, and future directions. J. Syst. Soft., 231, 112607 (2026b). https:\/\/doi.org\/10.1016\/j.jss.2025.112607, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0164121225002766","DOI":"10.1016\/j.jss.2025.112607"},{"issue":"3","key":"600_CR17","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/s10515-020-00277-4","volume":"27","author":"G Esteves","year":"2020","unstructured":"Esteves, G., Figueiredo, E., Veloso, A., et al.: Understanding machine learning software defect predictions. Autom. Softw. Eng. 27(3), 369\u2013392 (2020) https:\/\/doi.org\/10.1007\/s10515-020-00277-4","journal-title":"Autom. Softw. Eng."},{"key":"600_CR18","doi-asserted-by":"publisher","unstructured":"Fontana, F.A., Pigazzini, I., Roveda, R., et al.: Arcan: A tool for architectural smells detection. In: 2017 IEEE International Conference on Software Architecture Workshops (ICSAW), IEEE, pp. 282\u2013285 (2017) https:\/\/doi.org\/10.1109\/ICSAW.2017.16","DOI":"10.1109\/ICSAW.2017.16"},{"key":"600_CR19","unstructured":"Fowler, C.: Trash your servers and burn your code: Immutable infrastructure and disposable components (2013). http:\/\/chadfowler.com\/blog\/2013\/06\/23\/immutable-deployments\/"},{"key":"600_CR20","doi-asserted-by":"publisher","unstructured":"Guerriero, M., Garriga, M., Tamburri, D.A., et al.: Adoption, support, and challenges of infrastructure-as-code: Insights from industry. In: International conference on software maintenance and evolution (ICSME), pp. 
580\u2013589 (2019) https:\/\/doi.org\/10.1109\/ICSME.2019.00092","DOI":"10.1109\/ICSME.2019.00092"},{"key":"600_CR21","doi-asserted-by":"publisher","unstructured":"Hutcheson, R., Blanchard, A., Lambaria, N., et al.: Software architecture reconstruction for microservice systems using static analysis via graalvm native image. In: 2024 IEEE International Conference on Software Analysis, pp. 12\u201322. Evolution and Reengineering (SANER), IEEE (2024) https:\/\/doi.org\/10.1109\/SANER60148.2024.00008","DOI":"10.1109\/SANER60148.2024.00008"},{"key":"600_CR22","doi-asserted-by":"publisher","unstructured":"Ikeshita, K., Ishikawa, F., Honiden, S.: Test suite reduction in idempotence testing of infrastructure as code. In: Tests and Proofs: 11th International Conference, TAP 2017, Held as Part of STAF 2017, Marburg, Germany, July 19\u201320, 2017, Proceedings 11, Springer, pp. 98\u2013115 (2017) https:\/\/doi.org\/10.1007\/978-3-319-61467-0","DOI":"10.1007\/978-3-319-61467-0"},{"key":"600_CR23","unstructured":"Inc. VG.: What are the phases of devsecops (2022). https:\/\/www.veritis.com\/blog\/what-are-the-phases-of-devsecops\/"},{"issue":"1","key":"600_CR24","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1109\/MS.2023.3319768","volume":"41","author":"B Johnson","year":"2024","unstructured":"Johnson, B., Menzies, T.: Ethics: Why software engineers can\u2019t afford to look away. IEEE Softw. 41(1), 142\u2013144 (2024) https:\/\/doi.org\/10.1109\/MS.2023.3319768","journal-title":"IEEE Softw."},{"key":"600_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106593","volume":"137","author":"I Kumara","year":"2021","unstructured":"Kumara, I., Garriga, M., Romeu, A.U., et al.: The do\u2019s and don\u2019ts of infrastructure code: A systematic gray literature review. Inf. Softw. Technol. 137, 106593 (2021) https:\/\/doi.org\/10.1016\/j.infsof.2021.106593","journal-title":"Inf. Softw. 
Technol."},{"key":"600_CR26","unstructured":"Morris, K.: Infrastructure as code. 2nd Edition, O\u2019Reilly Media Inc. (2020) https:\/\/www.oreilly.com\/library\/view\/infrastructure-as-code\/9781098114664\/"},{"issue":"3","key":"600_CR27","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1109\/MS.2017.86","volume":"34","author":"C Parnin","year":"2017","unstructured":"Parnin, C., et al.: The top 10 adages in continuous deployment. IEEE Softw. 34(3), 86\u201395 (2017) https:\/\/doi.org\/10.1109\/MS.2017.86","journal-title":"IEEE Softw."},{"key":"600_CR28","doi-asserted-by":"publisher","unstructured":"Rahman, A.: Characteristics of defective infrastructure as code scripts in devops. In: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings, pp. 476\u2013479 (2018) https:\/\/doi.org\/10.1145\/3183440.3183452","DOI":"10.1145\/3183440.3183452"},{"key":"600_CR29","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.infsof.2018.12.004","volume":"108","author":"A Rahman","year":"2019","unstructured":"Rahman, A., Mahdavi-Hezaveh, R., Williams, L.: A systematic mapping study of infrastructure as code research. Inf. Softw. Technol. 108, 65\u201377 (2019) https:\/\/doi.org\/10.1016\/j.infsof.2018.12.004","journal-title":"Inf. Softw. Technol."},{"key":"600_CR30","doi-asserted-by":"publisher","unstructured":"Scheuner, J., Cito, J., Leitner, P., et al.: Cloud workbench: Benchmarking iaas providers based on infrastructure-as-code. In: International Conference on World Wide Web, pp. 239\u2013242 (2015) https:\/\/doi.org\/10.1145\/2740908.2742833","DOI":"10.1145\/2740908.2742833"},{"key":"600_CR31","doi-asserted-by":"publisher","unstructured":"Siddiq, M.L., Roney, L., Zhang, J., et al.: Quality assessment of chatgpt generated code and their use by developers. In: Proceedings of the 21st International Conference on Mining Software Repositories, pp. 
152\u2013156 (2024) https:\/\/doi.org\/10.1145\/3643991.3645071","DOI":"10.1145\/3643991.3645071"},{"key":"600_CR32","doi-asserted-by":"publisher","first-page":"25858","DOI":"10.1109\/ACCESS.2021.3057044","volume":"9","author":"F\u00d6 S\u00f6nmez","year":"2021","unstructured":"S\u00f6nmez, F.\u00d6., Kili\u00e7, B.G.: Holistic web application security visualization for multi-project and multi-phase dynamic application security test results. IEEE Access 9, 25858\u201325884 (2021) https:\/\/doi.org\/10.1109\/ACCESS.2021.3057044","journal-title":"IEEE Access"},{"key":"600_CR33","doi-asserted-by":"publisher","unstructured":"de Souza, C.R., Rodr\u00edguez-P\u00e9rez, G., Basha, M., et al.: The fine balance between helping with your job and taking it: Ai code assistants come to the fore. IEEE Software (2024) https:\/\/doi.org\/10.1109\/MS.2024.3357787","DOI":"10.1109\/MS.2024.3357787"},{"key":"600_CR34","unstructured":"U.S. Department of Defense, Office of the Chief Information Officer (2021) Devsecops fundamentals guidebook: Devsecops tools and activities. Tech. rep., Department of Defense, accessed: 2025\u201305-30 https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/Library\/DevSecOpsTools-ActivitiesGuidebook.pdf"},{"key":"600_CR35","doi-asserted-by":"publisher","unstructured":"Zhang, R., Li, H.W., Qian, X.Y., et al.: On large language models safety, security, and privacy: A survey. J. Electr. Sci. Technol., p. 
100301 (2025) https:\/\/doi.org\/10.1016\/j.jnlest.2025.100301","DOI":"10.1016\/j.jnlest.2025.100301"}],"container-title":["Automated Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-026-00600-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10515-026-00600-5","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-026-00600-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T12:11:48Z","timestamp":1772194308000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10515-026-00600-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,27]]},"references-count":35,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,12]]}},"alternative-id":["600"],"URL":"https:\/\/doi.org\/10.1007\/s10515-026-00600-5","relation":{},"ISSN":["0928-8910","1573-7535"],"issn-type":[{"value":"0928-8910","type":"print"},{"value":"1573-7535","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,27]]},"assertion":[{"value":"12 October 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Our work did not need ethical 
approval.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}},{"value":"We declare that we have no conflict of interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"58"}}