GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code. (arXiv:2205.14371v2 [cs.CR] UPDATED)

Infrastructure as Code (IaC) is the process of managing IT infrastructure via
programmable configuration files (also called IaC scripts). Like other software
artifacts, IaC scripts may contain security smells, which are coding patterns
that can result in security weaknesses. Automated analysis tools to detect
security smells in IaC scripts exist, but they focus on specific technologies
such as Puppet, Ansible, or Chef. This means that when the detection of a new
smell is implemented in one of the tools, it …

automated code detection glitch infrastructure infrastructure as code polyglot security