In today’s rapidly evolving technological and social landscape conventional challenges of Embedded Software (ES) Development being adequately coped with Embedded DevSecOps dedicated practices [ 1, 2, 3, 4 ] are complemented with the new ones that ever growing (non)anticipated diversity, interdependence and volatility of DevSecOps environment currently cause such as [ 2 ]:

safety and secure managing complex and highly distributed ES development environment.

Recognizing Embedded DevSecOps insufficiency to cope them both academia [ 5 ] and practitioners [ 6 ] just consider Software Product Line paradigm as its perspective complement.

The purpose of the paper is two-fold. First, in line with ideas of [ 5, 6 ] it presents a novel approach for Embedded DevSecOps-based ES Development enhancing with System and Software Product Line paradigm up to ISO/IEC 265xx series as a remedy to effectively and efficiently address both above-mentioned new ES DevSecOps challenges and conventional ones. To this end ES Continuous Testing within DevSecOps CI/CD pipeline is proposed to consider as a feedback-based series of the stages where regular ES testing procedures known as X-in-Loops [ 7 ] should be executed and step-by-step modeling each stage in a Test driven development style i.e. as a service process of dedicated Test Product Line (TPL) engineering up to ISO/IEC 26554 while assuming Embedded DevSecOps process to be in turn coherently modeled as a target ES Product line (SPL) engineering up to ISO/IEC 26550 that drives adjoining TPL and wraps it on .

Secondly, the paper sums up the results of the author’s attempt to justify their approach. It describes draft Technological Model for ES Continuous Testing critical sub-process (CT from now on) that should be performed on host at the very beginning of Software on open Loop stage [ 7 ] to produce the first (or just changed to fix the bugs) ES code for it with appropriately high quality.. Moreover, pilot Toolkit to automate the Model’s usage is also presented.

The process of end-to-end Software Continuous Testing over СI/CD pipeline is introduced with ISO/IEC/IEEE 32675 as implementation of core DevOps Principle “Left shift and continuous everything”. Within Embedded domain it purposes at constantly meeting unique requirements for ES safety, security, privacy, reliability, performance and extremely long life cycles thus becoming the Foundation of DevSecOps. As such, being well-designed and implemented, its key promising features are as follows: • • • •

Just it should ensure both ES appropriate quality and its generation efficiency (speed, security, and coordination among Dev, Sec, Ops and Test teams) enabling its usage within target system as expected [ 2 ].

It should implement feedback among ES versions within a single build (in single Embedded CI/CD pipeline round) as well as traceability and controllability among ES versions of different builds (across multiple rounds) thus implementing Variability Management for ES and their (non)executable artifacts.

It have to highlight defects at Continuous Integration, Continuous Deployment and Operation stages; concerning information obtained after ES careful static analysis [8], particularly Advanced Static Application Security Testing (SAST) [8, 9, 10] for (non)directed fuzzing, followed further by automated (and appropriate manual) testing of safety and security, reliability, compatibility, performance, load, maintainability, and portability. It should set up and maintain appropriate conceptual and information environment for Embedded DevSecOps.

Realizing the above promises could however be blocked with key Issues. Some of them are largely originated in embedded systems overarching architecture and inherent complexities of their design and deployment [ 1 ] and aren’t thus considered in the paper. But others are inherent ES Continuous Testing Issues especially addressed further concerning ES CT with Product Line Paradigm.

These are listed beneath.

Common conventional processes and techniques for dynamic testing as prescribed with ISO/IEC/IEEE 29119-3 and ISO/IEC/IEEE 29119-4 effective usage within Embedded domain. 2. ES Continuous Testing assets effective and efficient configuration, management and controllable reuse both over single Embedded DevSecOps rounds and among them. 3. Full-aspect traceability enablement among ES Continuous Testing assets themselves on the one hand and over DevSecOps process as a whole on the other one. 4. ES testsing on embedded targets from Software in the Loop to Hardware (or in automotive domain even vehicle) in the Loop Initiation, Monitoring and Management. 5. Due ES quality, especially Safety and Security, timely and carefully monitoring, reporting and assuring. 6. Proper responsibilities division and control among various Test and Dev, Sec, Ops teams. 7. Current maturity assessment of ES Continuous Testing process and gain insights concerning the needs, aspects and ways to increase it.

As far as proper ES Continuous Testing process should be the Foundation for Embedded DevSecOps its intrinsic above-listed Issues 1-7 become also crucial for DevSecOps too thus demanding be effectively and efficiently addressed. Analysis of Embedded domain [ 1, 2, 4, 7 ] identifies Model Driven Engineering as a top-level meta-paradigm for ES development and also two most promising paradigms within it beyond Embedded DecSecOps, namely System and Software Product Line [ 5, 6 ] (as defined with ISO/IEC 265xx series) and Microservice Architecture, preferably with Docker [ 1 ] compared in Table 1. As Table 1 shows they partially complement each other in addressing the Issues 1-7 above over different DevSecOps stages. The both could also refine it while Microservice Architecture especially increases Continuous Integration efficiency and its builds quality with proper Docker-based containers [ 1 ]. Moreover, automated tests over ES Continuous Testing could be distributed across separate containers and executed independently thereby enabling incremental ES improvement [ 2 ].

Table 1

Comparing Product line and Microservice Architecture for ES Engineering Paradigm Key Idea Benefit Limitation Use case

With above-mentioned ultimate purpose in mind of Embedded DevSecOps enhancing with Product Line and Microservice Architecture, proper ES CT process is proposed to introduce in Test driven development style [ 1 ] but under PL context. More specifically, this process is modeled as a couple of Testing sub-processes of target SPL Domain and, respectively, Application Verification and Validation, on the one hand, and simultaneously as SPL— driven process for TPL engineering. Common concepts necessary to define the process at hand in such a way are delineated beneath to use hereafter.

The first such concept is Embedded DevSecOps. It could be considered as two-stepped refinement of conventional DevOps defined with ISO/IEC/IEEE 32675-2022 as a set of principles and practices which enable better communication and collaboration between relevant stakeholders for the purpose of specifying, developing, and operating software and systems products and services, and continuous improvements in all aspects of the life cycle. — for further delivering and maintaining higher-quality ES overcoming the challenges above. It brings together three core fundamentals: development, operations, quality assurance [ 1 ].

ES safety and security become a next-gen challenge that transforms Embedded DevOps [ 1 ] into Embedded DevSecOps. Secure ES requires early potential threats identification to define appropriate security requirements that guide ES development from architecture to coding to operation within target system. In other words, security must be embedded into ES from the very beginning, as an integral component of overall target embedded system quality.

Embedded CI/CD pipeline is thus the second

The third one is PL being defined with ISO/IEC 26550 as a set of products and/or services sharing explicitly defined and managed common and variable features and relying on the same domain architecture to meet the common and variable needs of specific markets. ISO/IEC 26550 also fixes PL engineering peculiarities useful hereafter such as: • • • • •

Problem and Solution spaces being formed with anticipated common and variable domain products’ features (that are referred to as commonality and variability) together with the rules of composing them for a product and, respectively, with reusable assets (both nonexecutable and software) together with corresponding rules of configuring assets for terminal or compound features implementing within a sample product.

Problem space de-facto standardized representation with Feature Model (FM) being defined as a tree of commonalities and variabilities with their additional dedicated interrelations. In turn, Solution space de-facto standardized representation with Platform being defined as a PL architecture, a configuration management plan and domain assets enabling Application engineering to effectively reuse and produce a set of derivative products. Domain and Application engineering lifecycles where the above reusable resources are engineered (for reuse) and, respectively, iteratively configured within sample products with commonalities and anticipated variabilities (with their respective Verification and Validation and also Realization processes where ES development specificity will be primarily implemented).

Both Organizational and Technical management process groups with the process of PL Variability management within the second one where Variability is considered as the ability of PL’s product or artefact to be extended, changed, customized or configured for use in a specific context.

To cope ES Continuous Testing Issues 1—7 from Section 2 let’s define CT (being considered as earliest and simplest sub-stage) with its dedicated Technological Model trough three successive steps. First, assume ES is being developed for various hardware systems with explicitly define common and variable characteristics as an extensible set of software products possessing hardware data—driven common and variable features with appropriate PL (SPL) where: 1. SPL engineering process is constituted with the series of PL environment initial Set-up and further Reinvention rounds with its FM and Platform initial defining and then evolving (where PL products creating is prohibited) that interchange with unified production rounds (where FM and Platform are conversely fixed and options are especially provided to create ES up to them). Just this round is considered further in the article as a context of TPL defining within process perspective. 2. Unlike ISO/IEC 26550, SPL Domain Engineering and Application Engineering life cycles are implemented by means of appropriate Domain and Application Embedded DevSecOps cyclic processes being synchronized with Organizational and Technical Management processes that are however left conventional. In particular, Domain and Application Realization processes are implemented by means of Embedded CI/CD pipelines from corresponding DevSecOps processes.

Secondly, list requirements for the Model to make it constructive. These are inspired with the requirements [8, 9] or reliable analysis of ES code data and control flows as follows. 1. Compliance — applicability for any ES target PL and CI/CD pipelines implementation technologies, test automation strategy and Dev, Sec, Ops, Test teams responsibilities and skills. 2. Transparency — clear representation of CT’s tasks, tests and artifacts being produced as their solutions, teams’ roles producing them and all the traceability links between and target ES PL artifacts. 3. Focus on ES Quality — enablement tests for compliance checking with critical ES Quality characteristics, foremost Safety and Security, Performance efficiency, Reliability, Compatibility, Maintainability and, not compromising, Functional suitability prescribed with ES quality model adopted (ISO/IEC 25010 by default or its refinements e. g.

Z.Tamrabet’s ESQuMO). 4. Lean automatability — acceptability any test automation strategy (from classical R. Martin’s Test Pyramid to DevOps Hourglass to Spotify’s Honeycomb) and tools (from online and opensource tools to proprietary software). 5. CT estimability — enablement its sound, informed and consistent maturity profile assessment in accordance with TPI Next [11] industrial testing maturity model.

Lastly, to meet the requirements listed, seamlessly combine industrially proven best practices and techniques from ES Engineering and business-driven industrial testing domains, namely: • • • • • •

Embedded DevSecOps process and its CI/CD pipeline effective patterns [ 1 ] ISO/IEC 26554 Product line testing reference model Advanced static analysis of (non) executable DevSecOps artifacts [8, 9, 10] Embedded (non)directed fuzzing, both forward and backward [ 4, 12 ] Common conventional techniques for software testing levels from unit to system being defined with ISO/IEC/IEEE 29119-4 and their model-based, foremost with state charts enhancements for exactly ES testing [ 3 ] Performing and Organizing Topics of TMap Body of knowledge covering Industrial testing best practices to reconcile the rest highly divergent constructs [13].

Resulted high-level CT’s Model is defined from the process perspective to be three-leveled structured triple: , ; (1) (2) (3) where is CT’s context — organizational , developmental and methodical ; denotes CT’s parameters proposed to tailor it up to , namely CT’s Strategy and extensible sets of quality characteristics to be necessarily tested, adopted testing techniques and automated tools , TPL reinvention rules and CT’s automation levels ; is a structured sextet (2) of TPL generic processes and TPL information environment where they should execute that includes Domain Testing and Application Testing , Test Management , Asset Management in Testing and Variability Management in Testing as defined with ISO/IEC 26554 while being enhanced with appropriate reference CT workflows using advanced static analysis and embedded fuzzing for CI/CD pipelines within Domain and Engineering DevSecOps being assumed [14];

composes domain assets and application assets that and (2) processes produce with own internal structure (presented further in Figure 1); , (4) where fixes TPL features with their interrelations thus capturing its variability; and contains patterns for static analysis of SPL Platform elements and respectively autonomous tests and scenarios for dynamically testing them thus constituting TPL Platform; , are the same as , but for admissible configurations of SPL Platfom elements; fixes rules for , , elements within Application Testing; and store reports being produced with and ; contains CT maturity profiles up to TPI Next [11].

At the second TM’s level its constituents from (1) are further detailed as follows: is an extensible set of paired personal and team roles of CT’s actors from Dev (tester, programmer, analyst, Tec writer, manager by default), Quality Assurance (leader, analyst, technician by default), Security (CISO, analyst, technician by default) and Operations (CIO, analyst, technician by default);

fixes an extensible set of Embedded DevSecOps with CI/CD pipeline proven patterns where J. Beningo’s “ideal” CI/CD pipeline [ 1 ] is a core element by default; combines Organizing and Performing topics from Sogety’s TMap Body of knowledge [11]; is proposed to define as a four-dimensional relation that enables explicit responsibility distribution among CT’s actors;

where extensible set includes reference modes of testing being performed by actors with roles from at unit (u), integration (i) and system (s) levels within Domain engineering(d) or Application one (a) that by default are: product by product testing with tests immediately generating ( ); product by product testing with tests proactively generating as a Domain engineering reusable assets ( ); incremental testing where the first product is tested with or mode but for the next only tests for new features are generated while for the features yet previously tested existing tests are used as reusable assets of Domain engineering ( ) or Application one ( );

contains initial level (where only open source, free trial and as-a-service solutions should be used along with initial requirements for automation kit eliciting), interim level (additional subscription solutions and requirements refining) and the last level of full CT’s automation with proprietary and custom tools meeting elicited requirements that altogether are the core.

In turn, for CT’s sub-processes from (2), (3) unified view is proposed focusing at ’s tasks: where just lists these ’s tasks; includes workflows of ’s operations being executing over ’s sub-environment to perform its tasks .

Table 2 presents all the tasks from obtained through CT-based refinement of conventional PL testing sub-processes’ tasks as prescribed with ISO/IEC 26554. (5) (6)

The Technological Model and Prototype Toolkit for ES Continuous Testing being now considered only on host at the very beginning of Software in the open Loop stage provides Dev, Sec and Ops teams with significant benefits such as: • • •

Ensures readiness of tested software for Software in-the-Loop testing Provide a background for comprehensive embedded testing process model elaborating Leverages and coordinates various Test and Dev, Sec, Ops teams efforts at all the testing levels among embedded CI/CD stages over SPL Domain and Application engineering.

Their additional bonus is the possibility to further enhance CT with GenAI potential related to TMap Organizing and Performing topics [13] included in the Model.

Extending the outlined Model and its automation Kit for Embedded Testing process as a whole for further implementing an approach proposed is the authors’ future work.

The author(s) have not employed any Generative AI tools. [8] M. Becker, J. Palczynski, Automatic Verification of (un)intended Data and Control Flows in Embedded Software (2024). URL: https://www.mathworks.com/content/dam/mathworks/conference-or-academicpaper/automatic-verification-of-unintended-data-and-control-flows-in-embedded-softwareew24.pdf [9] M. Becker, J. Palczynski, Increasing Resilience to Cyberattacks through Advanced Use of Static Code Analysis (2021). URL: https://www.mathworks.com/company/technicalarticles/increasing-resilience-to-cyberattacks-through-advanced-use-of-static-codeanalysis.html [10] M. Becker, J. Palczynski, Reconciling Software Development Speed and Robustness with Optimally Balanced Static Application Security Testing (2023). URL: https://www.mathworks.com/company/technical-articles/reconciling-software-developmentspeed-and-robustness-with-optimally-balanced-static-application-security-testing.html [11] A. van Ewijk et al., TPI® NEXT Business Driven Test Process Improvement, Sogeti, 2013 [12] M. Huang, C. Lemieux, Directed or Undirected: Investigating Fuzzing Strategies in a CI/CD Setup (Registered Report), in; Proceedings of the 3rd ACM International Fuzzing Workshop (FUZZING ’24), September 16, Vienna, Austria. ACM, New York, NY, USA, 2024, pp. 33-41. doi: org/10.1145/3678722.3685532 [13] Topics plotted on the High-performance IT delivery models, 2025. URL: https://www.tmap.net/page/topics-plotted-high-performance-it-delivery-models [14] O. Slabospitskaya, A. Kolesnik, The Model for Enhanced Variability Management Process in Software Product Line, in: Mayr H.C., Kop C., Liddle S., Ginige A. Information Systems: Methods, Models and Applications. Revised selected papers of 4-th International United Information Systems Conference (UNISCON 2012). Yalta, Ukraine, 2012, pp. 162–171. doi: https://doi.org/10.1007/978-3-642-38370-0_15