{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T21:52:37Z","timestamp":1769032357446,"version":"3.49.0"},"reference-count":56,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T00:00:00Z","timestamp":1763078400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,14]]},"DOI":"10.1109\/cloudcom67567.2025.11331540","type":"proceedings-article","created":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T20:37:16Z","timestamp":1768941436000},"page":"1-8","source":"Crossref","is-referenced-by-count":0,"title":["A Threat-Oriented Study of API Security Challenges in CI\/CD Pipelines"],"prefix":"10.1109","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9944-2615","authenticated-orcid":false,"given":"Sabbir M.","family":"Saleh","sequence":"first","affiliation":[{"name":"Computer Science, University of Western Ontario,London,ON,Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9928-7943","authenticated-orcid":false,"given":"Md Nafiz","family":"Al Ifat","sequence":"additional","affiliation":[{"name":"Computer Science, University of Western Ontario,London,ON,Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5207-3203","authenticated-orcid":false,"given":"Nazim H.","family":"Madhavji","sequence":"additional","affiliation":[{"name":"Computer Science, University of Western Ontario,London,ON,Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-6572-6326","authenticated-orcid":false,"given":"John","family":"Steinbacher","sequence":"additional","affiliation":[{"name":"Cloud Division, IBM Canada Lab,Markham,ON,Canada"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Bridging theory and practice: insights into practical implementations of security practices in secure devops and ci\/cd environments","volume-title":"Ph. D. thesis, Universiteit van Amsterdam","author":"Aron","year":"2023"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.5220\/0006318200570068"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3560835.3564554"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2022.3142338"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.5220\/0013018500003825"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev53368.2022.00024"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC51732.2021.9376148"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3714464"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3253572"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106700"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/CIoT63799.2024.10757084"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2685629"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3064953"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.47363\/JMCA\/2023(2)E138"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3174092"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1186\/s13643-016-0384-4"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2601248.2601268"},{"issue":"4","key":"ref18","first-page":"2l3","article-title":"kappa: Nominal Scale Agreement with Provision for Scaled Disagreement or Partial Credit","volume":"70","author":"Weighted","year":"1968","journal-title":"Psychol Bull"},{"key":"ref19","article-title":"Guidelines for performing systematic literature reviews in software engineering","author":"Kitchenham","year":"2007","journal-title":"EBSE Technical Report, School of Computer Science and Mathematics, Keele University"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/INCITEST59455.2023.10397047"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/worlds451998.2021.9514041"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICRASET59632.2023.10419921"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3190619.3190642"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.14429\/dsj.63.4267"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/RELENG.2015.11"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.petrol.2019.106834"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.30"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786850"},{"key":"ref29","first-page":"27","article-title":"Exploiting devops practices for dependable and secure continuous delivery pipelines","volume-title":"Proceedings of the 4th International Workshop on Rapid Continuous Software Engineering","author":"Dullmann"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE53296.2022.9730757"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ACIT58437.2023.10275654"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/icsa-c.2019.00026"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2023.01.322"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE50685.2021.9427677"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2930000"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA54631.2023.10275659"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ASWEC.2018.00033"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ccwc47524.2020.9031195"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp0630a"},{"issue":"2","key":"ref40","article-title":"Teaching thematic analysis: Overcoming challenges and developing strategies for effective learning","volume":"26","author":"Clarke","year":"2013","journal-title":"The psychologist"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1016\/j.glmedi.2025.100198"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103140"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3140868"},{"key":"ref44","article-title":"How I found 100+ exposed AWS keys in public git repos","volume-title":"Medium","author":"Yadav"},{"key":"ref45","first-page":"7","article-title":"Enhancing Cloud Security through Topic Modelling","volume-title":"28th ACIS International Winter Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD 2024-Winter)","author":"Sabbir M.","year":"2024"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3689938.3694779"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-008-9102-8"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3475776"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ICABCD.2018.8465451"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICECAA55415.2022.9936462"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2018.8548329"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613889"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1016\/j.petrol.2019.106834"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev56634.2023.00018"},{"key":"ref55","article-title":"Avoiding excessive data exposure through microservice APIs","volume-title":"European Conference on Software Architecture","author":"Patric","year":"2022"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.5220\/0013298200003928"}],"event":{"name":"2025 lEEE International Conference on Cloud Computing Technology and Science (CloudCom)","location":"Shenzhen, China","start":{"date-parts":[[2025,11,14]]},"end":{"date-parts":[[2025,11,16]]}},"container-title":["2025 lEEE International Conference on Cloud Computing Technology and Science (CloudCom)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11330195\/11331311\/11331540.pdf?arnumber=11331540","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T07:08:31Z","timestamp":1768979311000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11331540\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,14]]},"references-count":56,"URL":"https:\/\/doi.org\/10.1109\/cloudcom67567.2025.11331540","relation":{},"subject":[],"published":{"date-parts":[[2025,11,14]]}}}