Static Analysis of Infrastructure as Code: a Survey
Michele Chiari (1), Michele De Pascalis (1), Matteo Pradella (1, 2) ((1) DEIB, Politecnico di Milano, (2) IEIIT, Consiglio Nazionale delle Ricerche)

TL;DR
This survey reviews static analysis techniques for Infrastructure as Code (IaC), highlighting current methods, defect types, and platforms to improve security and reliability in IaC deployment.
Contribution
It provides a comprehensive overview of existing static analysis approaches for IaC, identifying research gaps and categorizing defect types and tools.
Findings
Various static analysis techniques are used for IaC.
Defect categories include security and reliability issues.
Tools target multiple IaC platforms.
Abstract
The increasing use of Infrastructure as Code (IaC) in DevOps leads to benefits in speed and reliability of deployment operation, but extends to infrastructure challenges typical of software systems. IaC scripts can contain defects that result in security and reliability issues in the deployed infrastructure: techniques for detecting and preventing them are needed. We analyze and survey the current state of research in this respect by conducting a literature review on static analysis techniques for IaC. We describe analysis techniques, defect categories and platforms targeted by tools in the literature.
