{"paper":{"title":"Low-Code Paradox in DevOps: Security and Governance Insights from Practitioners","license":"http://creativecommons.org/licenses/by/4.0/","headline":"Low-code platforms in DevOps automate tasks but raise security risks and governance challenges per practitioner interviews.","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Arif Ali Khan, Muhammad Azeem Akbar, Saima Rafi","submitted_at":"2026-05-16T12:47:34Z","abstract_excerpt":"DevOps has become a dominant paradigm in modern software engineering, while low-code development platforms (LCDPs) are increasingly adopted to streamline software development. The integration of these approaches promises efficiency gains but also raises critical concerns regarding security and governance. Despite their growing use, insufficient attention has been given to the implications of these platforms for security and governance in DevOps environments. This study investigates practitioners perspectives on the security and governance implications of LCDPs in DevOps environments. Twelve se"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"Findings reveal that LCDPs help automate tasks; however, they also increase security risks and governance challenges, highlighting the need for robust practices and a security-conscious culture.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The perspectives gathered from the twelve interviewed IT professionals are representative of the broader security and governance implications of LCDPs in DevOps environments.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"A qualitative study of twelve practitioner interviews finds that low-code platforms automate tasks in DevOps but increase security risks and governance challenges, requiring robust practices and a security-conscious culture.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Low-code platforms in DevOps automate tasks but raise security risks and governance challenges per practitioner interviews.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"eed8498e79834589de906a6a35258790bafdb83e199a683cd8485a46267681b4"},"source":{"id":"2605.16971","kind":"arxiv","version":1},"verdict":{"id":"12da3c62-46e4-4051-b341-46b76ceececb","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T20:21:57.084915Z","strongest_claim":"Findings reveal that LCDPs help automate tasks; however, they also increase security risks and governance challenges, highlighting the need for robust practices and a security-conscious culture.","one_line_summary":"A qualitative study of twelve practitioner interviews finds that low-code platforms automate tasks in DevOps but increase security risks and governance challenges, requiring robust practices and a security-conscious culture.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The perspectives gathered from the twelve interviewed IT professionals are representative of the broader security and governance implications of LCDPs in DevOps environments.","pith_extraction_headline":"Low-code platforms in DevOps automate tasks but raise security risks and governance challenges per practitioner interviews."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.16971/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"doi_compliance","ran_at":"2026-05-19T20:31:34.551654Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_title_agreement","ran_at":"2026-05-19T20:31:19.059053Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"cited_work_retraction","ran_at":"2026-05-19T19:51:57.112731Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"citation_quote_validity","ran_at":"2026-05-19T19:50:07.830682Z","status":"skipped","version":"0.1.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T18:41:56.222641Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T18:33:26.309076Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"c65f97e14588d322f6749e97c07edb9cdbd58886532288782ef2055c2ec40f7f"},"references":{"count":34,"sample":[{"doi":"","year":2018,"title":"and Vestergaard, O., 2018, August","work_id":"56664fe5-eb30-4520-a5ed-4260c0ad74a9","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2018,"title":"Accelerate: State of devops 2018: Strategies for a new economy","work_id":"a7263dd8-e2f6-4026-82e5-6c1b554b432c","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.1109/mitp.2020.2966614","year":2021,"title":"IT Governance in a DevOps World,","work_id":"b8babbfd-b059-4bab-8750-b07b14e4c7df","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.1007/s10270-021-00964-0","year":2022,"title":"Modelling in low -code development: a multi-vocal systematic review,","work_id":"1947f22c-2658-4a49-8bef-541e8d10c391","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2023,"title":"and Iqbal, A., 2023","work_id":"6d6dbf1a-230d-429e-8e7a-8bbb042f91a2","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":34,"snapshot_sha256":"a49c0a6a83bd57103deb6ad5a1f8f6bee87af31a3677b639f22473a6ea5d70f0","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"77eb582e35b34e061eb7c8b9ec775e9d4b0a08016030baf758b90f78014cc152"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}