This study evaluates the adoption of DevSecOps among small and medium-sized enterprises (SMEs), identifying key challenges, best practices, and future trends. Through a mixed-methods approach grounded in the Technology Acceptance Model (TAM) and Diffusion of Innovations (DOI) theory, we analyzed survey data from 405 SME professionals, revealing that while 68% have implemented DevSecOps, adoption is hindered by technical complexity (41%), resource constraints (35%), and cultural resistance (38%). Despite strong leadership prioritization of security (73%), automation gaps persist, with only 12% of organizations conducting security scans per commit. Our findings highlight a growing integration of security tools, particularly API security (63%) and software composition analysis (62%), although container security adoption remains low (34%). Looking ahead, SMEs anticipate that artificial intelligence and machine learning will significantly influence DevSecOps, underscoring the need for proactive adoption of AI-driven security enhancements. Based on our findings, this research proposes strategic best practices to enhance CI/CD pipeline security, including automation, a leadership-driven security culture, and cross-team collaboration.