{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T07:04:10Z","timestamp":1782889450271,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T00:00:00Z","timestamp":1782777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,6,30]]},"DOI":"10.1145\/3805773.3806003","type":"proceedings-article","created":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:20:41Z","timestamp":1782883241000},"page":"135-146","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SafeAIMerge: A Tool for Integrating DAST and LLM-Generated Security Feedback into GitHub Actions Workflows"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-8132-2887","authenticated-orcid":false,"given":"Arpit","family":"Thool","sequence":"first","affiliation":[{"name":"Virginia Tech, Computer Science, Blacksburg, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6987-5196","authenticated-orcid":false,"given":"Justin","family":"Smith","sequence":"additional","affiliation":[{"name":"Lafayette College, Computer Science, Easton, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6036-4733","authenticated-orcid":false,"given":"Chris","family":"Brown","sequence":"additional","affiliation":[{"name":"Virginia Tech, Computer Science, Blacksburg, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.30574\/wjaets.2024.11.2.0093"},{"key":"e_1_3_2_1_2_1","volume-title":"Llm-driven sast-genius: A hybrid static analysis framework for comprehensive and actionable security. arXiv preprint arXiv:2509.15433","author":"Agrawal Vaibhav","year":"2025","unstructured":"Vaibhav Agrawal and Kiarash Ahi. 2025. Llm-driven sast-genius: A hybrid static analysis framework for comprehensive and actionable security. arXiv preprint arXiv:2509.15433 (2025)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.3419"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MERCon.2018.8421965"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.37745\/ejcsit.2013\/"},{"key":"e_1_3_2_1_6_1","volume-title":"Nursing management 42, 7","author":"Atwood Denise","year":"2011","unstructured":"Denise Atwood and Randy Uttley. 2011. Help! Strategies for preventing information overload. Nursing management 42, 7 (2011), 50-52."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1987875.1987900"},{"key":"e_1_3_2_1_8_1","unstructured":"Tridib Bandyopadhyay and Humayun Zafar. 2017. Influence of information overload on it security behavior: A theoretical framework. (2017)."},{"key":"e_1_3_2_1_9_1","volume-title":"Security Testing for Mobile Applications Using AI and ML Algorithms (August 30","author":"Reddy Bhimanpati Vijay Bhasker","year":"2024","unstructured":"Vijay Bhasker Reddy Bhimanpati and Shalu Jain. 2024. Security Testing for Mobile Applications Using AI and ML Algorithms. Shalu, Security Testing for Mobile Applications Using AI and ML Algorithms (August 30, 2024) (2024)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549135"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/BotSE.2019.00021"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3387940.3391481"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57633-6_13"},{"key":"e_1_3_2_1_14_1","volume-title":"Controversy in human factors constructs and the explosive use of the NASA-TLX: a measurement perspective. Cognition, technology & work 16, 3","author":"de Winter Joost CF","year":"2014","unstructured":"Joost CF de Winter. 2014. Controversy in human factors constructs and the explosive use of the NASA-TLX: a measurement perspective. Cognition, technology & work 16, 3 (2014), 289-297."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME55016.2022.00029"},{"key":"e_1_3_2_1_16_1","unstructured":"Lyubka Dencheva. 2022. Comparative analysis of Static application security testing (SAST) and Dynamic application security testing (DAST) by using open-source web application penetration testing tools. Ph. D. Dissertation. Dublin National College of Ireland."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW54576.2021.00009"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA472363"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER53432.2022.00084"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Owen Graham and Kelvin Kloss. 2025. Evaluating the Impact of Reinforcement Learning on Autonomous CI\/CD Workflow Optimization. (2025).","DOI":"10.20944\/preprints202506.1400.v1"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/FIT47737.2019.00039"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2018.290111318"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jelectrocard.2018.07.024"},{"key":"e_1_3_2_1_24_1","volume-title":"A Comprehensive Survey on Process-Oriented Automatic Text Summarization with Exploration of LLM-Based Methods. arXiv preprint arXiv:2403.02901","author":"Jin Hanlei","year":"2024","unstructured":"Hanlei Jin, Yang Zhang, Dan Meng, Jun Wang, and Jinghua Tan. 2024. A Comprehensive Survey on Process-Oriented Automatic Text Summarization with Exploration of LLM-Based Methods. arXiv preprint arXiv:2403.02901 (2024)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"e_1_3_2_1_26_1","volume-title":"Mohammadreza Fani Sani, and Ziyue Li","author":"Keltek Mete","year":"2024","unstructured":"Mete Keltek, Rong Hu, Mohammadreza Fani Sani, and Ziyue Li. 2024. Boosting Cybersecurity Vulnerability Scanning based on LLM-supported Static Application Security Testing. arXiv preprint arXiv:2409.15735 (2024)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00054"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-013-9279-3"},{"key":"e_1_3_2_1_29_1","first-page":"489","volume-title":"34th USENIX Security Symposium (USENIX Security 25)","author":"Lekssays Ahmed","year":"2025","unstructured":"Ahmed Lekssays, Hamza Mouhcine, Khang Tran, Ting Yu, and Issa Khalil. 2025. {LLMxCPG}:{Context-Aware} Vulnerability Detection Through Code Property {Graph-Guided} Large Language Models. In 34th USENIX Security Symposium (USENIX Security 25). 489-507."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3505247"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2019.00023"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3115941"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062543"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115621"},{"key":"e_1_3_2_1_35_1","volume-title":"GenAI Security Project","author":"Overreliance OWASP.","year":"2025","unstructured":"OWASP. 2025. LLM09: Overreliance. GenAI Security Project (2025). https: \/\/genai.owasp.org\/llmrisk2023-24\/llm09-overreliance\/."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSGEA.2019.00131"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-010-9136-6"},{"key":"e_1_3_2_1_38_1","volume-title":"Summarization is (almost) dead. arXiv preprint arXiv:2309.09558","author":"Pu Xiao","year":"2023","unstructured":"Xiao Pu, Mingqi Gao, and Xiaojun Wan. 2023. Summarization is (almost) dead. arXiv preprint arXiv:2309.09558 (2023)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3475776"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","unstructured":"K. Ramdass and S. Jain. 2025. The Role of DevSecOps in Continuous Security Integration in CI\/CD Pipe. Journal of Quantum Science and Technology 2 (2025). Issue 1. doi:10.63345\/jqst.v2i1.150 10.63345\/jqst.v2i1.150","DOI":"10.63345\/jqst.v2i1.150"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDOC49727.2020.00026"},{"key":"e_1_3_2_1_42_1","volume-title":"Pertti Sepp\u00e4nen, and Pasi Kuvaja.","author":"Rodr\u00edguez Pilar","year":"2019","unstructured":"Pilar Rodr\u00edguez, Mika M\u00e4ntyl\u00e4, Markku Oivo, Lucy Ellen Lwakatare, Pertti Sepp\u00e4nen, and Pasi Kuvaja. 2019. Advances in using agile and lean processes for software development. In Advances in Computers. Vol. 113. Elsevier, 135-224."},{"key":"e_1_3_2_1_43_1","volume-title":"KARTAL: Web Application Vulnerability Hunting Using Large Language Models: Novel method for detecting logical vulnerabilities in web applications with finetuned Large Language Models.","author":"Sakaoglu Sinan","year":"2023","unstructured":"Sinan Sakaoglu. 2023. KARTAL: Web Application Vulnerability Hunting Using Large Language Models: Novel method for detecting logical vulnerabilities in web applications with finetuned Large Language Models."},{"key":"e_1_3_2_1_44_1","volume-title":"Muhammad Ali Babar, and Liming Zhu","author":"Shahin Mojtaba","year":"2017","unstructured":"Mojtaba Shahin, Muhammad Ali Babar, and Liming Zhu. 2017. Continuous integration, delivery and deployment: a systematic review on approaches, tools, challenges and practices. IEEE access 5 (2017), 3909-3943."},{"key":"e_1_3_2_1_45_1","article-title":"Review of the benefits of DAST (dynamic application security testing) versus SAST","volume":"1","author":"Sharma Manish","year":"2021","unstructured":"Manish Sharma. 2021. Review of the benefits of DAST (dynamic application security testing) versus SAST. International Journal of Management and Engineering Research 1, 1 (2021), 05-08.","journal-title":"International Journal of Management and Engineering Research"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCES45898.2019.9002531"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/VLHCC.2017.8103456"},{"key":"e_1_3_2_1_48_1","first-page":"221","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS","author":"Smith Justin","year":"2020","unstructured":"Justin Smith, Lisa Nguyen Quang Do, and Emerson Murphy-Hill. 2020. Why can't johnny fix vulnerabilities: A usability evaluation of static analysis tools for security. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). 221-238."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2025.110307"},{"key":"e_1_3_2_1_50_1","volume-title":"Yevhen Mohylevskyy, Roshanak Zilouchian Moghaddam, and Wei Le.","author":"Steenhoek Benjamin","year":"2024","unstructured":"Benjamin Steenhoek, Kalpathy Sivaraman, Renata Saldivar Gonzalez, Yevhen Mohylevskyy, Roshanak Zilouchian Moghaddam, and Wei Le. 2024. Closing the Gap: A User Study on the Real-world Usefulness of AI-powered Vulnerability Detection & Repair in the IDE. arXiv preprint arXiv:2412.14306 (2024)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3723158"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.63345\/ijrmeet.org.v13.i5.130501"},{"key":"e_1_3_2_1_53_1","volume-title":"Harnessing the Power of LLMs: LLM Summarization for Human-Centric DAST Reports. In 2024 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC). IEEE.","author":"Thool Arpit","year":"2024","unstructured":"Arpit Thool and Chris Brown. 2024. Harnessing the Power of LLMs: LLM Summarization for Human-Centric DAST Reports. In 2024 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC). IEEE."},{"key":"e_1_3_2_1_54_1","volume-title":"Harnessing the Power of LLMs: LLM Summarization for Human-Centric DAST Reports. In 2024 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC). IEEE, 33-39","author":"Thool Arpit","year":"2024","unstructured":"Arpit Thool and Chris Brown. 2024. Harnessing the Power of LLMs: LLM Summarization for Human-Centric DAST Reports. In 2024 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC). IEEE, 33-39."},{"key":"e_1_3_2_1_55_1","volume-title":"Securing Agile: Assessing the Impact of Security Activities on Agile Development. In International Workshop on Software Security: Challenges, Opportunities, and Lessons Learned.","author":"Thool Arpit","year":"2024","unstructured":"Arpit Thool and Chris Brown. 2024. Securing Agile: Assessing the Impact of Security Activities on Agile Development. In International Workshop on Software Security: Challenges, Opportunities, and Lessons Learned."},{"key":"e_1_3_2_1_56_1","volume-title":"Integrating DAST in Kanban and CI\/CD: A Real World Security Case Study. arXiv preprint arXiv:2503.21947","author":"Thool Arpit","year":"2025","unstructured":"Arpit Thool and Chris Brown. 2025. Integrating DAST in Kanban and CI\/CD: A Real World Security Case Study. arXiv preprint arXiv:2503.21947 (2025)."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","unstructured":"Arpit Thool and Dwayne Brown. 2025. Supplemental Material for SafeAIMerge: ZAP LLM CI\/CD Tool. doi:10.6084\/m9.figshare.30228256 10.6084\/m9.figshare.30228256","DOI":"10.6084\/m9.figshare.30228256"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.3390\/info14060337"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.14445\/22312803\/IJCTT-V73I5P122"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2024.110543"},{"key":"e_1_3_2_1_61_1","unstructured":"Jonas Wagner. 2024. Analysis of security findings and reduction of false positives through large language models. (2024)."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyaa007"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180233"},{"key":"e_1_3_2_1_64_1","volume-title":"GitHub Actions: The Impact on the Pull Request Process. arXiv preprint arXiv:2206.14118","author":"Wessel Mairieli","year":"2022","unstructured":"Mairieli Wessel, Joseph Vargovich, Marco A Gerosa, and Christoph Treude. 2022. GitHub Actions: The Impact on the Pull Request Process. arXiv preprint arXiv:2206.14118 (2022)."},{"key":"e_1_3_2_1_65_1","volume-title":"A survey on large language model (llm) security and privacy: The good, the bad, and the ugly. High-Confidence Computing","author":"Yao Yifan","year":"2024","unstructured":"Yifan Yao, Jinhao Duan, Kaidi Xu, Yuanfang Cai, Zhibo Sun, and Yue Zhang. 2024. A survey on large language model (llm) security and privacy: The good, the bad, and the ugly. High-Confidence Computing (2024), 100211."},{"key":"e_1_3_2_1_66_1","volume-title":"Iskandar Abdullah, and Maslin Masrom.","author":"Zain Mohamed","year":"2005","unstructured":"Mohamed Zain, Raduan Che Rose, Iskandar Abdullah, and Maslin Masrom. 2005. The relationship between information technology acceptance and organizational agility in Malaysia. Information & management 42, 6 (2005), 829-839."},{"key":"e_1_3_2_1_67_1","volume-title":"Joshua Sumarlin, Bach Le, and David Lo.","author":"Zhou Xin","year":"2024","unstructured":"Xin Zhou, Duc-Manh Tran, Thanh Le-Cong, Ting Zhang, Ivana Clairine Irsan, Joshua Sumarlin, Bach Le, and David Lo. 2024. Comparison of static application security testing tools and large language models for repo-level vulnerability detection. arXiv preprint arXiv:2407.16235 (2024)."}],"event":{"name":"SecDev '26: 2026 ACM Secure Development Conference","location":"Montreal QC Canada","acronym":"SecDev '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2026 ACM Secure Development Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805773.3806003","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:28:44Z","timestamp":1782883724000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3805773.3806003"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6,30]]},"references-count":67,"alternative-id":["10.1145\/3805773.3806003","10.1145\/3805773"],"URL":"https:\/\/doi.org\/10.1145\/3805773.3806003","relation":{},"subject":[],"published":{"date-parts":[[2026,6,30]]},"assertion":[{"value":"2026-06-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}