Litcius/Paper detail

Static Analysis of Infrastructure as Code: a Survey

Michele Chiari, Michele De Pascalis, Matteo Pradella

202225 citationsDOIOpen Access PDF

Abstract

The increasing use of Infrastructure as Code (IaC) in DevOps leads to benefits in speed and reliability of deployment operation, but extends to infrastructure challenges typical of software systems. IaC scripts can contain defects that result in security and reliability issues in the deployed infrastructure: techniques for detecting and preventing them are needed. We analyze and survey the current state of research in this respect by conducting a literature review on static analysis techniques for IaC. We describe analysis techniques, defect categories and platforms targeted by tools in the literature.

Topics & Concepts

DevOpsComputer scienceSoftware deploymentReliability (semiconductor)Static analysisStatic program analysisDevelopment testingCode (set theory)SoftwareSoftware engineeringSoftware qualityScripting languageSoftware security assuranceComputer securitySoftware developmentInformation securityOperating systemProgramming languageSet (abstract data type)Power (physics)PhysicsQuantum mechanicsSecurity serviceSoftware System Performance and ReliabilitySoftware Engineering ResearchSoftware Testing and Debugging Techniques