literature review on devops

Capabilities and Practices in DevOps: A Multivocal Literature Review

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

A Systematic Literature Review on DevOps Capabilities and Areas

2020, International Journal of Human Capital and Information Technology Professionals

Businesses today need to respond to customer needs at an unprecedented speed. Driven by this need for speed, many companies are rushing to the DevOps movement. DevOps, the combination of Development and Operations, is a new way of thinking in the software engineering domain that recently received much attention. Since DevOps has recently been introduced as a new term and novel concept, no common understanding of what it means has yet been achieved. Therefore, the definitions of DevOps often are only partly relevant to the concept. This research presents a systematic literature review to identify the determining factors contributing to the implementation of DevOps, including the main capabilities and areas with which it evolves.

Related Papers

Floris Erich

DevOps is a conceptual framework for reintegrating development and operations of Information Systems. We performed a Systematic Mapping Study to explore DevOps. 26 articles out of 139 were selected, studied and summarized. Based on this a concept table was constructed. We discov-ered that DevOps has not been adequately studied in scientific literature. There is relatively little research available on DevOps and the studies are often of low quality. We also found that DevOps is supported by a culture of collaboration, automation, measurement, information sharing and web service usage. DevOps benefits IS development and operations performance. It also has positive effects on web service development and quality assurance performance. Finally, our mapping study suggests that more research is needed to quantify these effects.

AIP Conference Proceedings 2519, 030029 (2022)

suneel prasad

Abstract. DevOps- a portmanteau of development and operations that come together to improve the software quality as well as to speed up the software development with its continuous delivery to its clients and customers. DevOps, emerging as an attractive software development movement, appears to be well regarded, but it is proving difficult to adopt fully in reality. Therefore, this paper contributes to understanding DevOps and addressing its challenges and practices while considering the real-world scenarios where organizations implement DevOps to pace their productivity. This paper also proposes a model which shows the key contributors in DevOps and how they are used to achieve the desired outcomes. We have carried out an exploratory case study by understanding how businesses adopt DevOps in real life. A case study is considered an effective form of analysis for studying current trends within their real-life context. DevOps is commonly described as collaborative work done between development and operations team by continuous communication and cooperation as well as featuring a cross-functional team having a common goal to achieve. Keywords: DevOps, Agility, Automation, CI/CD, Testing, Integration, Deployment, Quality Assurance, Collaboration.

Journal de Ciencia e Ingeniería

Jonathan Guerrero

DevOps is a very trendy term these days in the software development companies (SDC), term that emerges as a possible solution to finally reach an acceleration and a rise of productivity expected with the appearance of agile development approaches, but that until now had not materialized, through automation practices, continuous integration, continuous build, and continuous deployment. This paper aims to show current knowledge about the process of adopting DevOps in SDC through a systematic mapping of the literature. However, the results obtained show that there is little detailed information regarding activities, tasks, roles, and other important process elements for the adoption of DevOps. Similarly, it has been concluded that there is no a unified terminology, therefore, it is important to standardize it to simplify the understanding and application of DevOps. Furthermore, this paper shows the preview of the framework that it is being developed for the adoption of DevOps in the SDC.

International Journal of Software Engineering & Applications

Vihara Jayakody

The word DevOps derives from two different words Development and Operations. DevOps has recorded as an interesting and novel approach adopted to the commonly used Agile software development methodology. It raised agility of the software development process. Practical issues of Agile methodology emphasize the requirement for collaboration of software development and operating teams. This collaboration completed by the DevOps approach engages with the Agile methodology to improve the quality, performance, and speed of the software developments. Since DevOps is an accentuating approach in the software development industry, this research aimed to conduct a literature review to study the evolution of the DevOps approach and its adoption in information systems projects. This target has accomplished by reviewing the Agile methodology, issues of the Agile methodology, DevOps approach, challenges and overcoming strategies of DevOps, and success factors of the DevOps approach. Finally, the pa...

Periodicals of Engineering and Natural Sciences (PEN)

Cornell University - arXiv

Ridewaan Hanslo

IEEE Access

Muhammad Azeem Akbar

Sandeep Rangineni

Despite these efforts' merit, academics have had trouble keeping up with the radical shifts in how software is created and supplied to clients. DevOps has revolutionized the way IT businesses are intended to operate as the result of years of hard effort and improvement to software delivery methods, techniques, and philosophies. Despite its widespread use and the positive effects it has had on IT businesses' bottom lines, few people outside of the industry really understand what it is, how it operates, or if it can genuinely lead to better IT performance. This study provides a methodology that bridges the gap between these macro-level elements and the actual results of IT departments by focusing on the enabling components of DevOps, such as technological and management skills, and IT culture. Moreover, this study suggests the values of a perfect DevOps organization, which have a profound impact on IT Outcomes when they are in harmony with the firm's Delivery Approach. Inf...

IAEME PUBLICATION

IAEME Publication

DevOps, a game-changing methodology that unites software development and IT operations, is now fundamental to the state of the art in software engineering. The backbone of this approach is something called a "DevOps pipeline," which consists of automated operations coordinating code integration, testing, deployment, and monitoring. The purpose of this research is to improve our knowledge of DevOps pipelines and make their deployment more efficient. The study begins out with a deep dive into DevOps's background, illuminating its relevance in boosting software delivery speeds and final product quality. Best practices and frequent issues related with DevOps pipelines are identified via a thorough examination of current literature and real-world case studies. Strategies for addressing security flaws, integration difficulties, and scalability problems are discussed, providing significant insights for developers and academics alike. The study also looks at how containerization, microservices design, and serverless computing are affecting the future of DevOps. It offers a prospective look at the development of DevOps principles by assessing their effect on pipeline productivity, resource use, and scalability. An improved DevOps pipeline is provided in practice to corroborate the theoretical conclusions.

2021 International Research Conference on Smart Computing and Systems Engineering (SCSE)

An Information Technology (IT) project deals with IT infrastructure, information systems, or computers for delivering an IT product within a temporary period. Proper application of software development methodologies assists software designers to run IT projects to the success of achieving the satisfaction of project stakeholders. Because of the issues raised by traditional software development methodologies such as the Waterfall model, the IT industry began to employ Agile methodology for IT project management. However, due to the separation of software development and operation teams, Agile methodology also caused problems. DevOps is a new approach adapted to the Agile methodology that collaborates the software development and operation teams in order to provide continuous development of high-quality software in a short period of time. However, there are practical issues reported since DevOps approach is still in its infancy in the IT industry. The purpose of this research is to analyze the use of the DevOps concept in IT Projects by evaluating the challenges and mitigating strategies practiced by software development firms in order to ensure the success of IT projects. This purpose was achieved by performing a literature study and soliciting recommendations from industry professionals using a questionnaire survey. The findings reveal the critical challenges and prioritization of challenges experienced by software firms while adopting DevOps, as well as their practices for overcoming those challenges. The research findings will help IT project development teams and future researchers to develop strategies for making the success of DevOps adoption with Agile methodology in the IT industry.

RELATED TOPICS

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

Trends for the DevOps Security. A Systematic Literature Review

• Conference paper
• First Online: 31 July 2022
• Cite this conference paper

• Tiina Leppänen 7 ,
• Anne Honkaranta 7 &
• Andrei Costin 7  

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 453))

Included in the following conference series:

• International Symposium on Business Modeling and Software Design

701 Accesses

2 Citations

Due to technical advances, old ways for securing DevOps software development have become obsolete. Thus, researchers and practitioners need new insights into the security challenges and practices of DevOps development. This paper reviews the data extraction and analysis phase and results of a Systematic Literature Review (SLR) study that was carried out in 2019. The outcome is an updated list of security challenges and practices for DevOps software development. Both reviews shows that the most essential challenges for the DevOps security deal with the complexity of the development pipelines and the overall complexity of the cloud and microservice environments. The security activities identified were classified by using the BSIMM maturity model for software security as a framework. Our review shows that DevOps security research focuses mostly on deployment phase and technical aspects of software security. We compared the security activities identified in our study with the ones identified by the BSIMM development company in their 2020 review of 128 practitioners’ security practices and found matching practices and similar trends.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Available as EPUB and PDF
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Lwakatare, L., et al.: Devops in practice: a multiple case study of five companies. Inf. Softw. Technol. 114 , 217–230 (2019)

Article   Google Scholar  

Bass, L., Weber, I., Zhu, L.: DevOps: A Software Architect’s Perspective. Addison-Wesley Professional (2015)

Google Scholar  

Jaatun, M., Cruzes, D., Luna, J.: DevOps for better software security in the cloud. Invited paper. In: ARES ’17. Proceedings of the 12th International Conference on Availability, Reliability and Security 2017, Article no. 69, pp. 1–6. ACM (2017)

Hsu, T.: Hands-On Security in DevOps: Ensure Continuous Security, Deployment, and Delivery with DevSecOps. Packt Publishing Ltd. (2018)

Humble, J., Farley, D.: Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation. Pearson Education (2010)

Konersmann, M., Fitzgerald, B., Goedicke, M., Holmström Olsson, H., Bosch, J., Krusche, S.: Rapid continuous software engineering-state of the practice and open research questions: report on the 6th international workshop on Rapid Continuous Software Engineering (RCoSE 2020). ACM SIGSOFT Softw. Eng. Notes 46 (1), 25–27 (2021)

RedGate Software The state of database devops 2021 report. https://www.red-gate.com/solutions/database-devops/report-2021

Vizard, M.: Survey finds wide gap between DevOps adoption and success. https://devops.com/survey-finds-wide-gap-between-devops-adoption-and-success/

Atlassian survey 2020 - DevOps trends. https://www.atlassian.com/whitepapers/devops-survey-2020

Williams, L., McGraw, G., Migues, S.: Engineering security vulnerability prevention, detection, and response. IEEE Softw. 35 (5), 76–80 (2018)

Mohammed, N., Niazi, M., Alshayeb, M., Mahmood, S.: Exploring software security approaches in software development lifecycle: a systematic mapping study. Comput. Stan. Interfaces 50 , 107–115 (2017)

Jaatun, M.: Software security activities that support incident management in secure DevOps. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1–6. ACM (2018)

Koskinen, A.: Devsecops: Building Security into the Core of Devops. University of Jyväskylä, Jyväskylä, Finland (2019)

Kitchenham, B.: Procedures for Performing Systematic Reviews, vol. 33, pp. 1–26. Keele University, UK (2004)

SynopsysSoftware: BSIMM12, 2021 Insights Trends Report. https://www.bsimm.com/

Kitchenham, B., Brereton, O., Budgen, D., Turner, M., Bailey, J., Linkman, S.: Systematic literature reviews in software engineering–a systematic literature review. Inf. Softw. Technol. 51 (1), 7–15 (2009)

Brereton, P., Kitchenham, B.A., Budgen, D., Turner, M., Khalil, M.: Lessons from applying the systematic literature review process within the software engineering domain. J. Syst. Softw. 80 (4), 571–583 (2007)

MacDonell, S., Shepperd, M., Kitchenham, B., Mendes, E.: How reliable are systematic reviews in empirical software engineering? IEEE Trans. Softw. Eng. 36 (5), 676–687 (2010)

Wohlin, C.: Guidelines for snowballing in systematic literature studies and a replication in software engineering. In: EASE ’14. Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering, pp. 1–10. ACM (2014)

Jalali, S., Wohlin, C.: Systematic literature studies: database searches vs. backward snowballing. In: Proceedings of the 2012 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 29–38. IEEE (2012)

Glas, B.; Comparing BSIMM SAMM. https://owaspsamm.org/blog/2020/10/29/comparing-bsimm-and-samm/

Mello, J.: BSIMM10. DevOps is changing how software teams approach security. https://techbeacon.com/security/bsimm-10-devops-changing-how-software-teams-approach-security

SynopsysSoftware. https://news.synopsys.com/2020-09-15-Synopsys-Publishes-BSIMM11-Study-Highlighting-Fundamental-Shifts-in-Software-Security-Initiatives-in-Response-to-DevOps-and-Digital-Transformation

OWASP Foundation: OWASP software assurance maturity model. https://owasp.org/www-project-samm/

Pagel, T.: Overview of (DevSecOps) OWASP projects. https://owasp.org/www-chapter-germany/stammtische/frankfurt/assets/slides/48OWASPFrankfurtStammtisch1.pdf

OWASP DevSecOps maturity model. https://owasp.org/www-project-devsecops-maturity-model/

Felderer, M., Fourneret, E.: A systematic classification of security regression testing approaches. Int. J. Softw. Tools Technol. Transfer 17 (3), 305–319 (2015)

Souza, E., Moreira, A., Goulão, M.: Deriving architectural models from requirements specifications: a systematic mapping study. Inf. Softw. Technol. 109 , 26–39 (2019)

Ahmadvand, M., Pretschner, A., Ball, K., Eyring, D.: Integrity protection against insiders in microservice-based infrastructures: From threats to a security framework. In: Mazzara, M., Ober, I., Salaün, G. (eds.) STAF 2018. LNCS, vol. 11176, pp. 573–588. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04771-9_43

Chapter   Google Scholar  

Bass, L., Holz, R., Rimba, P., Tran, A., Zhu, L.: Securing a deployment pipeline. In: 2015 IEEE/ACM 3rd International Workshop on Release Engineering, pp. 4–7. IEEE (2015)

Beigi-Mohammadi, N., et al.: A DevOps framework for quality-driven self-protection in Web software systems. In: Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering, pp. 270–274. IBM Corp. (2018)

Diekmann, C., Naab, J., Korsten, A., Carle, G.: Agile network access control in the container age. IEEE Trans. Netw. Serv. Manage. 16 (1), 41–55 (2018)

Düllmann, T., Paule, C., van Hoorn, A.: Exploiting DevOps practices for dependable and secure continuous delivery pipelines. In: 2018 IEEE/ACM 4th International Workshop on Rapid Continuous Software Engineering (RCOSE), pp. 27–30. IEEE (2018)

Tigli, J.Y., Winter, T., Muntés-Mulero, V., Metzger, A., Velasco, E., Aguirre, A.: ENACT: development, operation, and quality assurance of trustworthy smart IoT systems. In: Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment: First International Workshop, DEVOPS 2018, vol. 11350, p. 112. Springer, Heidelberg, 5–6 Mar 2018 (2019)

Mackey, T.: Building open source security into agile application builds. Netw. Secur. 2018 (4), 5–8 (2018)

Mansfield-Devine, S.: DevOps: finding room for security. Netw. Secur. 2018 (7), 15–20 (2018)

Michener, J., Clager, A.: Mitigating an oxymoron: compliance in a DevOps environments. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 396–398. IEEE (2016)

Rahman, A., Williams, L.: Software security in DevOps: synthesizing practitioners’ perceptions and practices. In: 2016 IEEE/ACM International Workshop on Continuous Software Evolution and Delivery (CSED), pp. 70–76. IEEE (2016)

Raj, A., Kumar, A., Pai, S., Gopal, A.: Enhancing security of docker using Linux hardening techniques. In: 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), pp. 94–99. IEEE (2016)

Rios, E., Iturbe, E., Mallouli, W., Rak, M.: Dynamic security assurance in multi-cloud DevOps. In: 2017 IEEE Conference On Communications And Network Security (CNS), pp. 467–475. IEEE (2017)

Schoenen, S., Mann, Z.Á., Metzger, A.: Using risk patterns to identify violations of data protection policies in cloud systems. In: Braubach, L., Murillo, J.M., Kaviani, N., Lama, M., Burgueño, L., Moha, N., Oriol, M. (eds.) ICSOC 2017. LNCS, vol. 10797, pp. 296–307. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91764-1_24

Thanh, T., Covaci,S., Magedanz. T., Gouvas, P., Zafeiropoulos, A.: Embedding security and privacy into the development and operation of cloud applications and services. In: 2016 17th International Telecommunications Network Strategy and Planning Symposium (NETWORKS), pp. 31–36. IEEE (2016)

Torkura, K.A., Sukmana, M.I.H., Cheng, F., Meinel, C.: Cavas: Neutralizing application and container security vulnerabilities in the cloud native era. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICSSITE, vol. 254, pp. 471–490. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01701-9_26

Ullah, F., Raft, A., Shahin, M., Zahedi, M., Babar, M.: Security support in continuous deployment pipeline. In: Proceedings of 21th International Conference on Evaluation of Novel Approaches to Software Engineering, 12 p. Cornell University Archive (2017)

SynopsysSoftware: BSIMM12.explanation of the activities. https://www.bsimm.com/framework/governance/compliance-and-policy.html

Luz, W.P., Pinto, G., Bonifácio, R.: Adopting DevOps in the real world: a theory, a model, and a case study. J. Syst. Softw. 157 , 110384 (2019)

Rafi, S., Yu, W., Akbar, M.A., Alsanad, A., Gumaei, A.: Prioritization based taxonomy of DevOps security challenges using PROMETHEE. IEEE Access 8 , 105426–105446 (2020)

SynopsysSoftware: BSIMM12 Digest:The CISO’s Guide to Next-Gen AppSec. https://www.synopsys.com/software-integrity/resources/ebooks/ciso-guide-modern-appsec.html

Download references

Acknowledgements

Authors wish to thank the two anonymous reviewers for their invaluable comments and feedback that helped greatly to improve the quality of paper. Specifically, the other reviewer offered a very thorough review with many good comments, ideas, and suggestions.

Author information

Authors and affiliations.

University of Jyväskylä, Jyväskylä, Finland

Tiina Leppänen, Anne Honkaranta & Andrei Costin

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Anne Honkaranta .

Editor information

Editors and affiliations.

Faculty of Information Sciences, University of Library Studies and Information Technologies, Sofia, Bulgaria

Boris Shishkov

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper.

Leppänen, T., Honkaranta, A., Costin, A. (2022). Trends for the DevOps Security. A Systematic Literature Review. In: Shishkov, B. (eds) Business Modeling and Software Design. BMSD 2022. Lecture Notes in Business Information Processing, vol 453. Springer, Cham. https://doi.org/10.1007/978-3-031-11510-3_12

Download citation

DOI : https://doi.org/10.1007/978-3-031-11510-3_12

Published : 31 July 2022

Publisher Name : Springer, Cham

Print ISBN : 978-3-031-11509-7

Online ISBN : 978-3-031-11510-3

eBook Packages : Computer Science Computer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research