{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T14:24:46Z","timestamp":1777127086140,"version":"3.51.4"},"reference-count":96,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2023,4,26]],"date-time":"2023-04-26T00:00:00Z","timestamp":1682467200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,4,26]],"date-time":"2023-04-26T00:00:00Z","timestamp":1682467200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2023,6]]},"DOI":"10.1007\/s11219-023-09619-3","type":"journal-article","created":{"date-parts":[[2023,4,26]],"date-time":"2023-04-26T05:02:00Z","timestamp":1682485320000},"page":"619-654","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":27,"title":["From DevOps to DevSecOps is not enough. CyberDevOps: an extreme shifting-left architecture to bring cybersecurity within software security lifecycle pipeline"],"prefix":"10.1007","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6463-8722","authenticated-orcid":false,"given":"Federico","family":"Lombardi","sequence":"first","affiliation":[]},{"given":"Alberto","family":"Fanton","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,4,26]]},"reference":[{"key":"9619_CR1","unstructured":"AICPA. (1997). System and Organization Controls: SOC Suite of Services. 
https:\/\/us.aicpa.org\/interestareas\/frc\/assuranceadvisoryservices\/sorhome"},{"key":"9619_CR2","doi-asserted-by":"crossref","unstructured":"Aniello, L., Baldoni, R., & Lombardi, F. (2016).\u00a0A blockchain-based solution for enabling log-based resolution of disputes in multi-party transactions. In\u00a0International Conference in Software Engineering for Defence Applications\u00a0(pp. 53\u201358). Springer.","DOI":"10.1007\/978-3-319-70578-1_6"},{"key":"9619_CR3","unstructured":"Aqua Security. (2019). Trivy. https:\/\/github.com\/aquasecurity\/trivy"},{"key":"9619_CR4","unstructured":"Aqua Security. (2021). Shift left DevOps. https:\/\/www.aquasec.com\/cloud-native-academy\/devsecops\/shift-left-devops\/"},{"key":"9619_CR5","unstructured":"Artifex. (1998). Ghostscript. https:\/\/www.ghostscript.com\/"},{"key":"9619_CR6","unstructured":"Atlassian. (2020). Atlassian survey 2020 - DevOps trends. https:\/\/www.atlassian.com\/whitepapers\/devops-survey-2020"},{"key":"9619_CR7","unstructured":"AWSLabs. (2016). git-secrets. https:\/\/github.com\/awslabs\/git-secrets"},{"key":"9619_CR8","doi-asserted-by":"crossref","unstructured":"Baldoni, R., Cerocchi, A., Ciccotelli, C., Donno, A., Lombardi, F., & Montanari, L. (2014).\u00a0Towards a non-intrusive recognition of anomalous system behavior in data centers. In: International Conference on Computer Safety, Reliability, and Security\u00a0(pp. 350\u2013359). Springer.","DOI":"10.1007\/978-3-319-10557-4_38"},{"key":"9619_CR9","doi-asserted-by":"crossref","unstructured":"Bass, L., Holz, R., Rimba, P., Tran, A. B., & Zhu, L. (2015)\u00a0Securing a deployment pipeline. In\u00a02015 IEEE\/ACM 3rd International Workshop on Release Engineering\u00a0(pp. 4\u20137). IEEE.","DOI":"10.1109\/RELENG.2015.11"},{"key":"9619_CR10","unstructured":"Bird, J. (2016).\u00a0DevOpsSec: Delivering secure software through continuous delivery. O\u2019Reilly Media."},{"key":"9619_CR11","doi-asserted-by":"crossref","unstructured":"Bosch, J. 
(2014).\u00a0Continuous software engineering: An introduction. Continuous Software Engineering\u00a0(pp. 3\u201313). Springer.","DOI":"10.1007\/978-3-319-11283-1_1"},{"issue":"5","key":"9619_CR12","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1109\/MS.2017.3571578","volume":"34","author":"K Carter","year":"2017","unstructured":"Carter, K. (2017). Francois Raynaud on DevSecOps. IEEE Software, 34(5), 93\u201396.","journal-title":"IEEE Software"},{"key":"9619_CR13","unstructured":"Casey, K. (2018).\u00a0How to build a strong DevSecOps culture: 5 tips. The Enterprisers Project. https:\/\/enterprisersproject.com\/article\/2018\/6\/how-build-strong-devsecops-culture-5-tips"},{"issue":"2\u20133","key":"9619_CR14","first-page":"6","volume":"60","author":"S Cash","year":"2016","unstructured":"Cash, S., Jain, V., Jiang, L., Karve, A., Kidambi, J., Lyons, M., Mathews, T., Mullen, S., Mulsow, M., & Patel, N. (2016). Managed infrastructure with IBM Cloud OpenStack Services. IBM Journal of Research and Development, 60(2\u20133), 6\u20131.","journal-title":"IBM Journal of Research and Development"},{"key":"9619_CR15","unstructured":"Center for Internet Security. (2017). CIS Oracle Linux 6 Benchmark. https:\/\/www.cisecurity.org\/wp-content\/uploads\/2017\/04\/CIS_Oracle_Linux_6_Benchmark_v1.0.0.pdf"},{"key":"9619_CR16","unstructured":"Chaillan, N., & Yasar, H. (2019).\u00a0Waterfall to DevSecOps in DoD. Technical report, Carnegie Mellon University Software Engineering Institute Air Force."},{"issue":"2","key":"9619_CR17","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MS.2015.27","volume":"32","author":"L Chen","year":"2015","unstructured":"Chen, L. (2015). Continuous delivery: Huge benefits, but challenges too. IEEE Software, 32(2), 50\u201354.","journal-title":"IEEE software"},{"key":"9619_CR18","unstructured":"Chickowski, E. (2018).\u00a0Seven winning DevSecOps metrics security should track. Bitdefender. 
https:\/\/businessinsights.bitdefender.com\/seven-winning-devsecops-metrics-security-should-track"},{"key":"9619_CR19","doi-asserted-by":"crossref","unstructured":"Ciccotelli, C., Aniello, L., Lombardi, F., Montanari, L., Querzoni, L., & Baldoni, R. (2015).\u00a0Nirvana: A non-intrusive black-box monitoring framework for rack-level fault detection. In: 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC)\u00a0(pp. 11\u201320). IEEE.","DOI":"10.1109\/PRDC.2015.22"},{"key":"9619_CR20","unstructured":"Collins, R. (2017). PEP 508 \u2013 Dependency specification for Python Software Packages. https:\/\/www.python.org\/dev\/peps\/pep-0508\/"},{"key":"9619_CR21","unstructured":"Conio Inc. (2018). Conio git Repository. https:\/\/github.com\/Conio"},{"key":"9619_CR22","unstructured":"Crouch, A. (2018).\u00a0DevSecOps: Incorporate security into DevOps to reduce software risk. Birmingham: Pack Publishing. https:\/\/www.agileconnection.com\/article\/devsecops-incorporate-security-devops-reduce-software-risk"},{"key":"9619_CR23","doi-asserted-by":"crossref","unstructured":"Desai, R., & Nisha, T. (2021).\u00a0Best practices for ensuring security in devops: A case study approach.\u00a0Journal of Physics: Conference Series,\u00a01964, 042045.","DOI":"10.1088\/1742-6596\/1964\/4\/042045"},{"key":"9619_CR24","unstructured":"Digkas, G., Chatzigeorgiou, A. N., Ampatzoglou, A., & Avgeriou, P. C. (2020).\u00a0Can clean new code reduce technical debt density. IEEE Transactions on Software Engineering."},{"key":"9619_CR25","unstructured":"Dimov, A., & Dimitrov, V. (2021).\u00a0Classification of software security tools, In: Information Systems and Grid Technologies."},{"key":"9619_CR26","doi-asserted-by":"publisher","unstructured":"Ecik, H. (2021).\u00a0Comparison of active vulnerability scanning vs. passive vulnerability detection. In\u00a02021 International Conference on Information Security and Cryptology (ISCTURKEY)\u00a0(pp. 87\u201392). 
Turkey: ISC.\u00a0https:\/\/doi.org\/10.1109\/ISCTURKEY53027.2021.9654331","DOI":"10.1109\/ISCTURKEY53027.2021.9654331"},{"key":"9619_CR27","unstructured":"Falcon. (2023). Spotlight. https:\/\/cloudprotectionworks.com\/datasheets\/FalconSpotlightDatasheetv2.pdf"},{"key":"9619_CR28","unstructured":"Fanton, A. (2022). Vulnerable pillow wrapper. https:\/\/pypi.org\/project\/vuln-pillow-wrapper\/"},{"key":"9619_CR29","doi-asserted-by":"publisher","unstructured":"Farroha, B. S., & Farroha, D. L. (2014).\u00a0A framework for managing mission needs, compliance, and trust in the DevOps environment. In\u00a02014 IEEE Military Communications Conference\u00a0(pp. 288\u2013293). IEEE.\u00a0https:\/\/doi.org\/10.1109\/MILCOM.2014.54","DOI":"10.1109\/MILCOM.2014.54"},{"key":"9619_CR30","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1016\/j.jss.2015.06.063","volume":"123","author":"B Fitzgerald","year":"2017","unstructured":"Fitzgerald, B., & Stol, K. -J. (2017). Continuous software engineering: A roadmap and agenda. Journal of Systems and Software, 123, 176\u2013189.","journal-title":"Journal of Systems and Software"},{"key":"9619_CR31","unstructured":"Foo, D., Yeo, J., Xiao, H., & Sharma, A. (2019).\u00a0The dynamics of software composition analysis. arXiv preprint arXiv:1909.00973"},{"key":"9619_CR32","unstructured":"Fredrik, L., & Clark, A. (2016). Pillow. https:\/\/python-pillow.org\/"},{"key":"9619_CR33","unstructured":"GhostScript. (1998).  Doc. https:\/\/www.ghostscript.com\/doc\/current\/History9"},{"key":"9619_CR34","unstructured":"Google. (2004). Virus Total. https:\/\/www.virustotal.com\/"},{"key":"9619_CR35","unstructured":"Greenbone. (2006). OpenVAS. https:\/\/www.openvas.org\/"},{"key":"9619_CR36","first-page":"1","volume":"21","author":"HJ Hejase","year":"2020","unstructured":"Hejase, H. J., Fayyad-Kazan, H. F., & Moukadem, I. (2020). Advanced persistent threats (APT): An awareness review. J. Econ. Econ. Educ. Res, 21, 1\u20138.","journal-title":"J. 
Econ. Econ. Educ. Res"},{"key":"9619_CR37","unstructured":"Hsu, T. (2018).\u00a0Hands-on security in DevOps: ensure continuous security, deployment, and delivery with DevSecOps. Packt Publishing."},{"key":"9619_CR38","unstructured":"Hudson, M. (2012). Git Hooks. https:\/\/githooks.com\/"},{"key":"9619_CR39","unstructured":"Humphrey, A. (2018).\u00a0Diving into DevSecOps: Measuring effectiveness and success. Armor. https:\/\/www.armor.com\/blog\/diving-devsecops-measuring-effectiveness-success\/"},{"issue":"1","key":"9619_CR40","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E. M., Cloppert, M. J., Amin, R. M., et al. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1(1), 80.","journal-title":"Leading Issues in Information Warfare & Security Research"},{"key":"9619_CR41","doi-asserted-by":"publisher","unstructured":"Ibrahim, A., Yousef, A. H., & Medhat, W. (2022).\u00a0DevSecOps: A security model for infrastructure as code over the cloud. In\u00a02022 2nd International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC) (pp. 284\u2013288).\u00a0MIUCC.\u00a0https:\/\/doi.org\/10.1109\/MIUCC55081.2022.9781709","DOI":"10.1109\/MIUCC55081.2022.9781709"},{"key":"9619_CR42","doi-asserted-by":"crossref","unstructured":"Imtiaz, N., Thorn, S., & Williams, L. (2021).\u00a0A comparative study of vulnerability reporting by software composition analysis tools. In\u00a0Proceedings of the 15th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)\u00a0(pp. 1\u201311). ACM.","DOI":"10.1145\/3475716.3475769"},{"key":"9619_CR43","unstructured":"ISO\/IEC (2017) ISO\/IEC 27001 Information Security Management. https:\/\/www.iso.org\/isoiec-27001-information-security.html"},{"key":"9619_CR44","unstructured":"Jerbi, A. 
(2018).\u00a0KPIs for managing and optimizing DevSecOps success. InfoWorld. https:\/\/www.infoworld.com\/article\/3237046\/kpis-for-managing-and-optimizing-devsecops-success.html"},{"key":"9619_CR45","unstructured":"Jos\u00e9, F. (2018).\u00a0Effective DevSecOps.\u00a0https:\/\/medium.com\/@fabiojose\/effective-devsecops-f22dd023c5cd"},{"key":"9619_CR46","unstructured":"Kawaguchi, K. (2015). Jenkins. https:\/\/www.jenkins.io\/"},{"issue":"6","key":"9619_CR47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3359981","volume":"52","author":"L Leite","year":"2019","unstructured":"Leite, L., Rocha, C., Kon, F., Milojicic, D., & Meirelles, P. (2019). A survey of DevOps concepts and challenges. ACM Computing Surveys (CSUR), 52(6), 1\u201335.","journal-title":"ACM Computing Surveys (CSUR)"},{"issue":"2","key":"9619_CR48","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/MS.2015.50","volume":"32","author":"M Lepp\u00e4nen","year":"2015","unstructured":"Lepp\u00e4nen, M., M\u00e4kinen, S., Pagels, M., Eloranta, V.-P., Itkonen, J., M\u00e4ntyl\u00e4, M. V., & M\u00e4nnist\u00f6, T. (2015). The highways and country roads to continuous deployment. IEEE Software, 32(2), 64\u201372.","journal-title":"IEEE Software"},{"key":"9619_CR49","doi-asserted-by":"crossref","unstructured":"Lepp\u00e4nen, T., Honkaranta, A., & Costin, A. (2022).\u00a0Trends for the DevOps security. A systematic literature review. In International Symposium on Business Modeling and Software Design (pp. 200\u2013217).\u00a0Springer.","DOI":"10.1007\/978-3-031-11510-3_12"},{"key":"9619_CR50","unstructured":"Letouzey, J. -L., & Coq, T. (2010).\u00a0The sqale models for assessing the quality of real time source code. Toulouse: ERTSS 2010."},{"key":"9619_CR51","unstructured":"Lombardi, F. (2022). CDO Dataset. 
https:\/\/github.com\/FLombardi-PhD\/CDO_DATASET\/"},{"key":"9619_CR52","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1016\/j.future.2019.03.003","volume":"98","author":"F Lombardi","year":"2019","unstructured":"Lombardi, F., Muti, A., Aniello, L., Baldoni, R., Bonomi, S., & Querzoni, L. (2019). Pascal: An architecture for proactive auto-scaling of distributed services. Future Generation Computer Systems, 98, 342\u2013361.","journal-title":"Future Generation Computer Systems"},{"key":"9619_CR53","unstructured":"Malware Tips. (2013). MalwareHub. https:\/\/malwaretips.com\/categories\/malware-hub.103\/"},{"key":"9619_CR54","unstructured":"Martorella, C. (2015). theHarvester. https:\/\/github.com\/laramies\/theHarvester"},{"issue":"4","key":"9619_CR55","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1109\/TSE.1976.233837","volume":"2","author":"T McCabe","year":"1976","unstructured":"McCabe, T. (1976). A complexity measure ieee transactions on software engineering. IEEE Transactions on software Engineering, 2(4), 308\u201320.","journal-title":"IEEE Transactions on software Engineering"},{"key":"9619_CR56","unstructured":"MITRE. (2018). CVE-2018-16509. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-16509"},{"key":"9619_CR57","unstructured":"MITRE. (2000). CVE Vulnerability Database. https:\/\/www.cve.org\/"},{"key":"9619_CR58","doi-asserted-by":"crossref","unstructured":"Mohan, V., & Othmane, L. B. (2016).\u00a0SecDevOps: Is it a marketing buzzword? Mapping research on security in DevOps. In\u00a02016 11th International Conference on Availability, Reliability and Security (ARES)\u00a0(pp. 542\u2013547). IEEE.","DOI":"10.1109\/ARES.2016.92"},{"key":"9619_CR59","doi-asserted-by":"crossref","unstructured":"Nath, K., Dhar, S., & Basishtha, S. (2014). Web 1.0 to web 3.0-evolution of the web and its various challenges. In\u00a02014 International Conference on Reliability Optimization and Information Technology (ICROIT)\u00a0(pp. 
86\u201389). IEEE.","DOI":"10.1109\/ICROIT.2014.6798297"},{"key":"9619_CR60","unstructured":"NIST. (1999). National Institute of Standards and Technology. https:\/\/www.nist.gov\/"},{"key":"9619_CR61","unstructured":"Offsec Services Ltd. (2009). ExploitDB. https:\/\/www.exploit-db.com\/"},{"key":"9619_CR62","unstructured":"OWASP. (2016). OWASP Zed Attack Proxy (ZAP). https:\/\/www.zaproxy.org\/"},{"key":"9619_CR63","unstructured":"OWASP. (2020a). OWASP Dependency Check. https:\/\/owasp.org\/www-project-dependency-check\/"},{"key":"9619_CR64","unstructured":"OWASP. (2020b). OWASP ModSecurity Core Rule Set. https:\/\/owasp.org\/www-project-modsecurity-core-rule-set\/"},{"key":"9619_CR65","unstructured":"Paule, C. (2018).\u00a0Securing DevOps: Detection of vulnerabilities in CD pipelines."},{"key":"9619_CR66","unstructured":"PCI Security Standard Council. (2006). Payment Card Industry Data Security Standard. https:\/\/www.pcisecuritystandards.org"},{"key":"9619_CR67","unstructured":"PortSwigger (2003). Burp Suite. https:\/\/portswigger.net\/burp"},{"key":"9619_CR68","doi-asserted-by":"crossref","unstructured":"Prates, L., Faustino, J., Silva, M., & Pereira, R. (2019).\u00a0DevSecOps metrics. In\u00a0EuroSymposium on Systems Analysis and Design\u00a0(pp. 77\u201390). Springer.","DOI":"10.1007\/978-3-030-29608-7_7"},{"key":"9619_CR69","unstructured":"PuppetLabs. (2014).\u00a0State of DevOps report. technical report 2014."},{"key":"9619_CR70","unstructured":"PuppetLabs. (2019).\u00a0State of DevOps report. technical report 2019."},{"key":"9619_CR71","unstructured":"PyCQA. (2018). Bandit. https:\/\/github.com\/PyCQA\/bandit"},{"key":"9619_CR72","unstructured":"Pyup. (2017). Safety. https:\/\/pyup.io\/safety\/"},{"key":"9619_CR73","doi-asserted-by":"crossref","unstructured":"Rahman, A. A. U., & Williams, L. (2016).\u00a0Software security in DevOps: Synthesizing practitioners\u2019 perceptions and practices. 
In\u00a02016 IEEE\/ACM International Workshop on Continuous Software Evolution and Delivery (CSED)\u00a0(pp. 70\u201376).\u00a0IEEE.","DOI":"10.1145\/2896941.2896946"},{"key":"9619_CR74","doi-asserted-by":"crossref","unstructured":"Rajapakse, R. N., Zahedi, M., Babar, M. A., & Shen, H. (2022).\u00a0Challenges and solutions when adopting devsecops: A systematic review. Information and Software Technology, 141, 106700.","DOI":"10.1016\/j.infsof.2021.106700"},{"key":"9619_CR75","unstructured":"Rapid7. (2003). Metasploit Framework. https:\/\/www.metasploit.com\/"},{"key":"9619_CR76","unstructured":"Raynaud, F. (2017).\u00a0DevSecOps whitepaper.\u00a0DevSecCon. https:\/\/www.devseccon.com\/pf\/london-2017\/"},{"key":"9619_CR77","unstructured":"Reitz, K. (2020). Pipenv. https:\/\/pipenv.pypa.io\/"},{"key":"9619_CR78","doi-asserted-by":"crossref","unstructured":"Sallin, M., Kropp, M., Anslow, C., Quilty, J. W., & Meier, A. (2021).\u00a0Measuring software delivery performance using the four key metrics of DevOps. In\u00a0International Conference on Agile Software Development\u00a0(pp. 103\u2013119). Cham: Springer.","DOI":"10.1007\/978-3-030-78098-2_7"},{"key":"9619_CR79","doi-asserted-by":"publisher","DOI":"10.7287\/peerj.preprints.1889v1","volume-title":"An empirical study on principles and practices of continuous delivery and deployment","author":"G Schermann","year":"2016","unstructured":"Schermann, G., Cito, J., Leitner, P., Zdun, U., & Gall, H. (2016). An empirical study on principles and practices of continuous delivery and deployment. PeerJ Preprints: Technical report."},{"key":"9619_CR80","doi-asserted-by":"publisher","first-page":"3909","DOI":"10.1109\/ACCESS.2017.2685629","volume":"5","author":"M Shahin","year":"2017","unstructured":"Shahin, M., Babar, M. A., & Zhu, L. (2017). Continuous integration, delivery and deployment: A systematic review on approaches, tools, challenges and practices. 
IEEE Access, 5, 3909\u20133943.","journal-title":"IEEE Access"},{"issue":"3","key":"9619_CR81","doi-asserted-by":"publisher","first-page":"1061","DOI":"10.1007\/s10664-018-9651-4","volume":"24","author":"M Shahin","year":"2019","unstructured":"Shahin, M., Zahedi, M., Babar, M. A., & Zhu, L. (2019). An empirical study of architecting for continuous delivery and deployment. Empirical Software Engineering, 24(3), 1061\u20131108.","journal-title":"Empirical Software Engineering"},{"key":"9619_CR82","unstructured":"Shodan. (2013). Shodan Search Engine. https:\/\/www.shodan.io\/"},{"key":"9619_CR83","unstructured":"SM7 Software. (2013). Spiderfoot. https:\/\/www.spiderfoot.net\/"},{"key":"9619_CR84","doi-asserted-by":"publisher","unstructured":"Sojan, A., Rajan, R., & Kuvaja, P. (2021).\u00a0Monitoring solution for cloud-native DevSecOps. In: 2021 IEEE 6th International Conference on Smart Cloud (SmartCloud), pp. 125\u2013131.\u00a0https:\/\/doi.org\/10.1109\/SmartCloud52277.2021.00029","DOI":"10.1109\/SmartCloud52277.2021.00029"},{"key":"9619_CR85","unstructured":"SonarSource S. A. (2013). Sonarqube. https:\/\/www.sonarqube.org\/"},{"key":"9619_CR86","unstructured":"SonarSource S. A. (2018). Metrics Definition. https:\/\/docs.sonarqube.org\/latest\/user-guide\/metric-definitions\/"},{"key":"9619_CR87","doi-asserted-by":"crossref","unstructured":"Stahl, D., Martensson, T., & Bosch, J. (2017).\u00a0Continuous practices and DevOps: Beyond the buzz, what does it all mean? In\u00a02017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)\u00a0(pp. 440\u2013448). IEEE.","DOI":"10.1109\/SEAA.2017.8114695"},{"key":"9619_CR88","unstructured":"Synopsys Software. (2021). BSIMM12, 2021 Insights Trends Report. https:\/\/www.bsimm.com\/"},{"key":"9619_CR89","unstructured":"Sysdig. (2015). Sysdig Secure. https:\/\/sysdig.com\/products\/secure\/"},{"key":"9619_CR90","unstructured":"TheHive Project. (2020). Cortex. 
https:\/\/github.com\/TheHive-Project\/Cortex"},{"key":"9619_CR91","unstructured":"Tiangolo. (2019). FastAPI. https:\/\/fastapi.tiangolo.com\/"},{"key":"9619_CR92","unstructured":"Vijayan, J. (2019).\u00a06 DevSecOps best practices: Automate early and often. TechBeacon. https:\/\/techbeacon.com\/security\/6-devsecops-best-practices-automate-early-often"},{"key":"9619_CR93","unstructured":"Wazuh. (2008). The Open Source Security Platform. https:\/\/wazuh.com\/"},{"key":"9619_CR94","unstructured":"Wazuh. (2019). Defining an alert level threshold. https:\/\/documentation.wazuh.com\/current\/user-manual\/manager\/alert-threshold.html"},{"key":"9619_CR95","unstructured":"Woodward, S. (2018).\u00a0DevSecOps metrics approaches in 2018.\u00a0Cloud Perspectives. https:\/\/www.brighttalk.com\/webcast\/499\/333412"},{"key":"9619_CR96","doi-asserted-by":"crossref","unstructured":"Zahedi, M., Rajapakse, R. N., & Babar, M. A. (2020).\u00a0Mining questions asked about continuous software engineering: A case study of stack overflow. In\u00a0Proceedings of the Evaluation and Assessment in Software Engineering\u00a0(pp. 
41\u201350).\u00a0Association for Computing Machinery.","DOI":"10.1145\/3383219.3383224"}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-023-09619-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11219-023-09619-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-023-09619-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,30]],"date-time":"2023-06-30T10:24:36Z","timestamp":1688120676000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11219-023-09619-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,26]]},"references-count":96,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,6]]}},"alternative-id":["9619"],"URL":"https:\/\/doi.org\/10.1007\/s11219-023-09619-3","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,26]]},"assertion":[{"value":"5 February 2023","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 April 2023","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"There are no ethical issues with the contribution provided in this work. The code prototype will be publicly released to the official Conio git repository (Conio Inc., ). 
The authors give their consent for publication in this journal.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}