Advancing DevSecOps in SMEs: Challenges and Best Practices for Secure CI/CD Pipelines

Outlet Title

13th International Symposium on Digital Forensics and Security (ISDFS)

Document Type

Conference Proceeding

Publication Date

2025

Abstract

This study evaluates the adoption of DevSecOps among small and medium-sized enterprises (SMEs), identifying key challenges, best practices, and future trends. Through a mixed-methods approach backed by the Technology Acceptance Model (TAM) and Diffusion of Innovations (DOI) theory, we analyzed survey data from 405 SME professionals, revealing that while 68% have implemented DevSecOps, adoption is hindered by technical complexity (41%), resource constraints (35%), and cultural resistance (38%). Despite strong leadership prioritization of security (73%), automation gaps persist, with only 12% of organizations conducting security scans per commit. Our findings highlight a growing integration of security tools, particularly API security (63%) and software composition analysis (62%), although container security adoption remains low (34%). Looking ahead, SMEs anticipate artificial intelligence and machine learning to significantly influence DevSecOps, underscoring the need for proactive adoption of AI-driven security enhancements. Based on our findings, this research proposes strategic best practices to enhance CI/CD pipeline security, including automation, leadership-driven security culture, and cross-team collaboration.
