Score
Managing the end-to-end lifecycle of software and operational changes, including requirements definition, version control, CI/CD pipelines, release coordination, rollback plans, and formal change management procedures (e.g., ITIL, change advisory boards) to ensure controlled, auditable deployments and traceable approvals.
Modern online services face escalating risks of service failures and financial losses due to frequent software changes. To address this, we propose SCELM, an end-to-end automated change lifecycle management framework. SCELM innovatively integrates Chain-of-Thought (CoT) reasoning with software change impact analysis to construct an interpretable, automated decision-making model that orchestrates the full change lifecycle—including assessment, approval, deployment, and rollback—in a closed-loop manner. Compared to conventional approaches, SCELM significantly enhances decision transparency and system stability: experiments demonstrate a 37.2% reduction in service failure rate, a 51.6% decrease in mean time to recovery (MTTR), and a 42.8% improvement in operations personnel’s accuracy in risk assessment. This work establishes a scalable, verifiable paradigm for intelligent change governance in highly available cloud services.
This paper addresses the conceptual ambiguity, ill-defined boundaries, and lack of implementation standards between Infrastructure-as-Code (IaC) and Pipeline-as-Code in DevOps practice. To resolve these issues, we systematically delineate their respective roles and synergistic mechanisms within the DevOps ecosystem and propose a reusable, standardized IaC-driven CI/CD implementation framework. Our approach integrates Terraform for infrastructure provisioning, Ansible for configuration management, GitLab CI for pipeline orchestration, and Docker/Kubernetes for containerized deployment—enabling an end-to-end automated delivery pipeline. Empirical evaluation demonstrates 99.8% configuration change accuracy, reduces environment provisioning time from hours to minutes, and significantly improves deployment consistency and delivery efficiency.
To address interdisciplinary interoperability, variant configuration governance, end-to-end traceability, and cross-organizational collaboration challenges arising from the networked evolution of Systems of Systems (SoS), this paper proposes a lifecycle management framework for Network-Centric Development (NCD). Methodologically, it grounds the framework in Model-Based Systems Engineering (MBSE) semantics and integrates Product Lifecycle Management (PLM) governance, CAD-CAE model synchronization, and closed-loop digital thread/digital twin capabilities. Its core contributions are four foundational principles: (1) reference architecture with a unified data model; (2) end-to-end configuration sovereignty; (3) review-driven model gating; and (4) quantifiable value contribution assessment. Empirical validation across transportation, healthcare, and public-sector domains demonstrates significant improvements in change robustness and model reuse rate, reduced delivery cycles, and enhanced support for sustainability-oriented decision-making.
This study addresses the quality-efficiency-cost imbalance in industrial CI/CD pipelines caused by heterogeneous failure types. We propose a process refactoring paradigm centered on two critical milestones: code integration (pre-merge) and product release. First, we systematically define “good failures” (early-detected, low-cost) versus “bad failures” (late-occurring, high-blocking). Grounded in empirical studies across four enterprises—including workflow mapping and failure root-cause modeling—we develop a transferable pre-merge failure governance framework. Evaluation results show a 37% reduction in average feedback latency, a 29% decrease in spurious build overhead, significant improvement in developer throughput, and optimized cloud resource utilization. Our core contribution lies in transcending conventional stage-based pipeline segmentation to enable failure-driven, fine-grained process control—marking a paradigm shift toward adaptive, cost-aware CI/CD orchestration.
This study presents the first empirical investigation into the evolution of CI/CD configurations in machine learning (ML) projects. Addressing the lack of understanding regarding how CI/CD configurations co-evolve with ML components, the authors analyze 508 open-source ML projects, 343 manually annotated commits, and 15,634 automated CI/CD commits. They propose a novel 14-category taxonomy capturing synergistic changes between CI/CD and ML components, develop a dedicated clustering tool to identify recurrent evolutionary patterns, and establish an empirically grounded model linking developer experience to CI/CD configuration modification behavior. Results show that 61.8% of CI/CD-related commits involve build strategy modifications; common anti-patterns—including dependency hardcoding and missing test frameworks—are identified; and senior developers modify CI/CD configurations more frequently and effectively than juniors, confirming the critical role of experience in CI/CD maintenance.
This work addresses the challenge of silent updates to large language models (LLMs) by service providers, which often occur without version changes and can lead to behavioral drift and functional regressions, while existing mechanisms lack deployment-side control over compatibility governance. Framing LLM updates as a software supply chain governance problem, this study proposes a deployment-side control framework that defines rule-based production contracts, constructs risk-category-oriented test suites, and enforces compatibility gates to validate model safety and performance prior to updates. Experimental results demonstrate that the approach effectively uncovers fine-grained regressions missed by aggregate metrics, while also highlighting critical challenges in test design, threshold calibration, and drift attribution.
This work addresses the limitations of existing CI/CD workflow analyses, which often focus narrowly on stage identification and struggle to assess reliability, maintainability, and optimization priorities. To overcome this, we propose a large language model–based CI/CD analysis pipeline that integrates repository context enhancement, anti-pattern detection, stage mining, and actionable recommendation generation. Our approach uniquely combines diagnostic reasoning, context awareness, and human-in-the-loop review to deliver observability tailored to cybersecurity engineering. Leveraging few-shot prompting, YAML parsing, and statistical tests (chi-square and Cramér’s V), the method identifies 434,769 anti-patterns across 75,201 workflows and generates an average of 8.25 syntactically valid optimization suggestions per repository, achieving a 96.1% compliance rate with YAML syntax standards.
This study addresses the lack of systematic understanding regarding the evolution of GitHub Actions workflows. Through a mixed-methods approach, we conduct the first large-scale empirical analysis of over 3.4 million workflow file versions from more than 49,000 repositories spanning November 2019 to August 2025. We identify seven categories of conceptual changes and find that repositories typically contain a median of three workflow files, with 7.3% of workflows modified weekly—approximately 75% of which involve only a single change, predominantly in task configuration and specification. Our findings further indicate that current large language model (LLM) tools have not yet significantly influenced workflow maintenance frequency, offering empirical grounding for the design of fine-grained automated maintenance tools.
This work addresses the growing complexity of CI/CD pipelines and the lack of structured analysis capabilities in existing tools for understanding their behavior, failures, and version evolution. The authors propose an innovative approach that uniquely integrates digital twin technology with BPMN-based modeling in DevOps contexts. By automatically parsing raw CI configurations and execution logs, the method constructs structured, high-level process models that enable pipeline visualization, failure traceability, and cross-version comparison. Evaluated across multiple open-source projects, the approach demonstrates effectiveness in monitoring, evolutionary analysis, and fault diagnosis, offering a modular and extensible foundational framework for the analysis and optimization of CI/CD pipelines.
This study addresses the lack of standardized guidance for effectively integrating technical debt management tools into existing CI/CD practices, which hinders the continuous control of technical debt. By systematically analyzing approximately 600,000 Travis CI configuration files and 50,000 auxiliary scripts from GitHub, the authors identify 3,684 pipelines that integrate technical debt management tools. Their findings reveal that such integrations predominantly rely on external script invocations and frequently exhibit configuration anti-patterns, notably the absence of feedback mechanisms. This work provides empirical evidence of current integration practices and prevalent anti-patterns, offering actionable insights to inform the design of better tooling and improve CI/CD integration strategies for technical debt management.