Advancing DevSecOps in SMEs: Challenges and Best Practices for Secure CI/CD Pipelines

Bibliographic Details
Published in: Proceedings (International Symposium on Digital Forensic and Security. Online) pp. 1-6
Main Authors: Cheenepalli, Jayaprakashreddy; Hastings, John D.; Ahmed, Khandaker Mamun; Fenner, Chad
Format: Conference Proceeding
Language: English
Published: IEEE 24.04.2025
ISSN: 2768-1831
Description
Summary: This study evaluates the adoption of DevSecOps among small and medium-sized enterprises (SMEs), identifying key challenges, best practices, and future trends. Through a mixed methods approach backed by the Technology Acceptance Model (TAM) and Diffusion of Innovations (DOI) theory, we analyzed survey data from 405 SME professionals, revealing that while 68% have implemented DevSecOps, adoption is hindered by technical complexity (41%), resource constraints (35%), and cultural resistance (38%). Despite strong leadership prioritization of security (73%), automation gaps persist, with only 12% of organizations conducting security scans per commit. Our findings highlight a growing integration of security tools, particularly API security (63%) and software composition analysis (62%), although container security adoption remains low (34%). Looking ahead, SMEs anticipate artificial intelligence and machine learning to significantly influence DevSecOps, underscoring the need for proactive adoption of AI-driven security enhancements. Based on our findings, this research proposes strategic best practices to enhance CI/CD pipeline security including automation, leadership-driven security culture, and cross-team collaboration.
DOI: 10.1109/ISDFS65363.2025.11011960