Polyglot Code Smell Detection for Infrastructure as Code with GLITCH
Nuno Saavedra, João Gonçalves, Miguel Henriques, João F. Ferreira, and Alexandra Mendes

TL;DR
GLITCH is a versatile framework that automates polyglot code smell detection across various Infrastructure as Code languages, improving accuracy and reducing effort compared to existing tools.
Contribution
It introduces an intermediate representation enabling technology-agnostic detection of security and design smells in multiple IaC languages.
Findings
GLITCH detects 18 types of code smells in IaC scripts.
It outperforms current state-of-the-art tools in precision and recall.
It reduces the effort of multi-language code smell analysis.
Abstract
This paper presents GLITCH, a new technology-agnostic framework that enables automated polyglot code smell detection for Infrastructure as Code scripts. GLITCH uses an intermediate representation on which different code smell detectors can be defined. It currently supports the detection of nine security smells and nine design & implementation smells in scripts written in Ansible, Chef, Docker, Puppet, or Terraform. Studies conducted with GLITCH not only show that GLITCH can reduce the effort of writing code smell analyses for multiple IaC technologies, but also that it has higher precision and recall than current state-of-the-art tools. A video describing and demonstrating GLITCH is available at: https://youtu.be/E4RhCcZjWbk
Taxonomy
Topics: Software Engineering Research · Advanced Malware Detection Techniques · Security and Verification in Computing
