Pattern Mining and Static Analysis for Detecting Defects in Infrastructure as Code

Infrastructure as Code (IaC) has gained a lot of traction in the software-intensive industry as a platform-supported approach to automatically manage and deploy infrastructure. Empirical research, however, shows that defects in IaC files are ubiquitous, leading to unreliable infrastructures which may result in devastating service outages.
Although the industry is calling for better technologies to detect such defects during development, the state of the research on technologies to support the development of IaC files, is still in its infancy. Existing approaches suffer from a multitude of problems, severely limiting their ability to detect non-trivial defects and their relevance on the longer term. This proposal describes new approaches to defect detection which will support IaC practitioners to develop high quality and reliable IaC files. Concretely, we propose language-agnostic static analysis techniques to:
1) Verify the infrastructure configuration state without executing the IaC files;
2) Check for mismatches between the infrastructure and the application’s architecture;
3) Autonomously identify new defect detection rules by mining corpora of IaC files. As the approaches are language-agnostic and make use of data mining to identify new types of defects, they remain applicable even when the IaC domain evolves and new languages are developed. As such, the produced research output is timeless, and can be used to detect subtle IaC defects long into the future