Currently, the PIACERE research team has submitted a paper to the 1st International Workshop on the Foundations of Infrastructure Specification and Testing (FIST) 2022. We identified four topics more closely studied in IaC-related publications, as follows:
RQ1: IaC tool that is the most useful for the purposes of the project
RQ2: Modelling approaches supporting the generation of IaC
RQ3: Compilers and parsers approach and architectures
RQ4: Security analysis techniques
Fig. 1. Coverage of the analyzed articles on the research questions
Our research aims to draw attention to those topics and to report on the important role of IaC and security in the Software Engineering field.
- The presented structured literature review (SLR) paper is not exhaustive: it does not cover all possible literature sources. This SLR paper excluded grey literature from the analysis: books, white papers, blogs and posts;
- Sampling bias could come from articles being missed due to our specific search strings and keywords, as well as to the search strategy, although some precautions have been implemented to minimize this bias;
- We can analyze only the way each study is reported, not how it was carried out;
- Our analysis reveals that more methodological detail is needed and suggests a specific methodology like PRISMA to be followed in future articles.
Our analysis reveals that only 22 of the 77 identified primary studies propose systematic literature reviews or surveys (28.5%), as shown in Fig. 1. However, those do not follow a structured methodology for performing a systematic literature review and are limited in the breadth of their RQs.
We acknowledged that taxonomies, surveys, literature reviews and tools are well-investigated topics in IaC research. Because security bears heavily on the deployment and development environments in DevSecOps, we highlighted the great need for research in the field of IaC security.
We presented an extensive study of modeling approaches for the generation of Infrastructure as Code, compiler and parser approaches and architectures, and security analysis techniques. We also offer integrated guidance for conducting and reporting SLRs in Software Engineering using the PRISMA methodology;
- We also aimed to identify key gap areas that need further research in the future;
- We enumerated substantial challenges in Software Engineering and calculated rates of interest in the literature, finding that RQ2 is the most popular topic;
- We also discussed related work and the positioning of our systematic literature study versus existing attempts, while also identifying seven papers that pertain to all of our RQs.