DevOps has emerged as one of the most rapidly evolving software development paradigms. With growing concern about the security of software systems, the DevSecOps paradigm has gained prominence, urging practitioners to integrate security practices seamlessly into the DevOps workflow. However, integrating security into the DevOps workflow can reduce agility and slow delivery. Recently, advances in artificial intelligence (AI) have transformed automation across many software domains, including software security. AI-driven security approaches, particularly those based on machine learning or deep learning, hold promise for automating security workflows. By reducing manual effort, they can be integrated into DevOps pipelines without sacrificing delivery speed while still satisfying the DevSecOps paradigm. This paper contributes to the intersection of AI and DevSecOps by presenting a comprehensive landscape of AI-driven security techniques applicable to DevOps and by identifying ways to improve security, trust, and efficiency in the software development process. We analyzed 99 research papers published between 2017 and 2023 and addressed two research questions (RQs). In RQ1, we identified 12 security tasks associated with the DevOps process and reviewed the existing AI-driven security approaches for each. In RQ2, we identified 15 challenges faced by existing AI-driven security approaches and derived future research opportunities from them. Drawing on these findings, we discuss the state-of-the-art AI-driven security approaches, highlight the challenges in existing research, and propose directions for future work.