Research output per year
Research output per year
Project Details
Description
Infrastructure as Code (IaC) has gained a lot of traction in the software-intensive industry as a platform-supported approach to automatically manage and deploy infrastructure. Empirical research, however, shows that defects in IaC files are ubiquitous, leading to unreliable infrastructures which may result in devastating service outages.
Although the industry is calling for better technologies to detect such defects during development, the state of the research on technologies to support the development of IaC files, is still in its infancy. Existing approaches suffer from a multitude of problems, severely limiting their ability to detect non-trivial defects and their relevance on the longer term. This proposal describes new approaches to defect detection which will support IaC practitioners to develop high quality and reliable IaC files. Concretely, we propose language-agnostic static analysis techniques to:
1) Verify the infrastructure configuration state without executing the IaC files;
2) Check for mismatches between the infrastructure and the application’s architecture;
3) Autonomously identify new defect detection rules by mining corpora of IaC files. As the approaches are language-agnostic and make use of data mining to identify new types of defects, they remain applicable even when the IaC domain evolves and new languages are developed. As such, the produced research output is timeless, and can be used to detect subtle IaC defects long into the future
Although the industry is calling for better technologies to detect such defects during development, the state of the research on technologies to support the development of IaC files, is still in its infancy. Existing approaches suffer from a multitude of problems, severely limiting their ability to detect non-trivial defects and their relevance on the longer term. This proposal describes new approaches to defect detection which will support IaC practitioners to develop high quality and reliable IaC files. Concretely, we propose language-agnostic static analysis techniques to:
1) Verify the infrastructure configuration state without executing the IaC files;
2) Check for mismatches between the infrastructure and the application’s architecture;
3) Autonomously identify new defect detection rules by mining corpora of IaC files. As the approaches are language-agnostic and make use of data mining to identify new types of defects, they remain applicable even when the IaC domain evolves and new languages are developed. As such, the produced research output is timeless, and can be used to detect subtle IaC defects long into the future
| Acronym | FWOSB103 |
|---|---|
| Status | Finished |
| Effective start/end date | 1/11/20 → 31/10/24 |
Keywords
- Infrastructure as Code
- Defect detection
- Pattern mining
Flemish discipline codes in use since 2023
- Cloud computing
- Coding tools and techniques, testing and debugging
- Software engineering
- Data mining
- Programming languages and technologies
Fingerprint
Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.
-
Analysing Software Supply Chains of Infrastructure as Code: Extraction of Ansible Plugin Dependencies
Opdebeeck, R., Adams, B. & De Roover, C., Mar 2025, Proceedings - 2025 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2025. IEEE, p. 181-192 12 p. (Proceedings - 2025 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2025).Research output: Chapter in Book/Report/Conference proceeding › Conference paper
Open Access -
Static analysis for quality assurance of Ansible infrastructure-as-code artefacts
Opdebeeck, R., 2024, Crazy Copy Center Productions. 156 p.Research output: Thesis › PhD Thesis
Open AccessFile77 Downloads (Pure) -
Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort?
Opdebeeck, R., Zerouali, A. & De Roover, C., 15 May 2023, Proceedings of the 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR 2023). IEEE, p. 534-545 12 p. (Proceedings - 2023 IEEE/ACM 20th International Conference on Mining Software Repositories, MSR 2023).Research output: Chapter in Book/Report/Conference proceeding › Conference paper
Open AccessFile16 Citations (Scopus)354 Downloads (Pure)
Datasets
-
Replication package for the Docker Inheritance network analysis
Opdebeeck, R. (Creator), Lesy, J. S. (Creator), Zerouali, A. (Creator) & De Roover, C. (Creator), Zenodo, 6 Jul 2023
Dataset
-
Replication package for the Helm charts empirical study
Zerouali, A. (Creator), Opdebeeck, R. (Creator) & De Roover, C. (Creator), Zenodo, 19 Jan 2023
Dataset
-
Replication package for "Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort?"
Opdebeeck, R. (Creator), Zerouali, A. (Creator) & De Roover, C. (Supervisor), figshare, 15 Mar 2023
DOI: 10.6084/m9.figshare.21929856
Dataset
Activities
-
Software Composition Analysis – Covering Infrastructure as Code
Ruben Opdebeeck (Speaker)
14 Nov 2024Activity: Talk or presentation › Talk at a festival/exhibition
File -
The Docker Hub Image Inheritance Network: Construction and Empirical Insights
Ruben Opdebeeck (Speaker)
2 Oct 2023Activity: Talk or presentation › Talk or presentation at a conference
File -
2nd Summer School on Security Testing and Verification
Ruben Opdebeeck (Participant)
11 Sept 2023 → 13 Sept 2023Activity: Participating in or organising an event › Participation in workshop, seminar