Alert fatigue is a common issue faced by software teams using the DevSecOps paradigm. The overwhelming number of warnings and alerts generated by security and code scanning tools, particularly in smaller teams where resources are limited, leads to desensitization and diminished responsiveness to security warnings, potentially exposing systems to vulnerabilities. This paper explores the potential of LLMs in generating actionable security reports that emphasize the financial impact and consequences of detected security issues, such as credential leaks, if they remain unaddressed. A survey conducted among developers indicates that LLM-generated reports significantly enhance the likelihood of immediate action on security issues by providing clear, comprehensive, and motivating insights. Integrating these reports into DevSecOps workflows can mitigate attention saturation and alert fatigue, ensuring that critical security warnings are addressed effectively.