DevOps has emerged as one of the most rapidly evolving software development paradigms. With growing concern about the security of software systems, the DevSecOps paradigm has gained prominence, urging practitioners to incorporate security practices seamlessly into the DevOps workflow. However, integrating security into the DevOps workflow can reduce agility and slow delivery. Recently, advances in artificial intelligence (AI) have transformed automation across software domains, including software security. AI-driven security approaches, particularly those leveraging machine learning or deep learning, show promise in automating security workflows. They reduce manual effort and can be integrated into DevOps so that delivery speed is preserved while the DevSecOps paradigm is upheld. This paper contributes to the intersection of AI and DevSecOps by presenting a comprehensive landscape of AI-driven security techniques applicable to DevOps and by identifying avenues for enhancing security, trust, and efficiency in software development processes. We analyzed 99 research papers published between 2017 and 2023 and addressed two research questions (RQs). In RQ1, we identified 12 security tasks associated with the DevSecOps process and reviewed existing AI-driven security approaches, the problems they address, and the 65 benchmarks used to evaluate them. Drawing on these findings, in RQ2 we discussed state-of-the-art AI-driven security approaches, highlighted 15 challenges in existing research, and proposed 15 corresponding avenues for future work.