AI for DevSecOps: A Landscape and Future Opportunities
arxiv(2024)
摘要
DevOps has emerged as one of the most rapidly evolving software development
paradigms. With the growing concerns surrounding security in software systems,
the DevSecOps paradigm has gained prominence, urging practitioners to
incorporate security practices seamlessly into the DevOps workflow. However,
integrating security into the DevOps workflow can impact agility and impede
delivery speed. Recently, the advancement of artificial intelligence (AI) has
revolutionized automation in various software domains, including software
security. AI-driven security approaches, particularly those leveraging machine
learning or deep learning, hold promise in automating security workflows. They
reduce manual efforts, which can be integrated into DevOps to ensure
uninterrupted delivery speed and align with the DevSecOps paradigm
simultaneously. This paper seeks to contribute to the critical intersection of
AI and DevSecOps by presenting a comprehensive landscape of AI-driven security
techniques applicable to DevOps and identifying avenues for enhancing security,
trust, and efficiency in software development processes. We analyzed 99
research papers spanning from 2017 to 2023. Specifically, we address two key
research questions (RQs). In RQ1, we identified 12 security tasks associated
with the DevOps process and reviewed existing AI-driven security approaches. In
RQ2, we discovered 15 challenges encountered by existing AI-driven security
approaches and derived future research opportunities. Drawing insights from our
findings, we discussed the state-of-the-art AI-driven security approaches,
highlighted challenges in existing research, and proposed avenues for future
opportunities.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要