GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code
Nuno Saavedra, João F. Ferreira
Abstract
Infrastructure as Code (IaC) is the process of managing IT infrastructure via programmable configuration files (also called IaC scripts). Like other software artifacts, IaC scripts may contain security smells, which are coding patterns that can result in security weaknesses. Automated analysis tools to detect security smells in IaC scripts exist, but they focus on specific technologies such as Puppet, Ansible, or Chef. This means that when the detection of a new smell is implemented in one of the tools, it is not immediately available for the technologies supported by the other tools — the only option is to duplicate the effort.
Topics & Concepts
Computer scienceScripting languagePolyglotSoftware security assuranceFocus (optics)Secure codingSoftwareGlitchComputer securitySoftware engineeringDatabaseProgramming languageInformation securitySecurity serviceTelecommunicationsPhysicsDetectorOpticsSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware Reliability and Analysis Research