The DevSecOps Modelling Language will be the tool provided to the DevSecOps team to facilitate the development of infrastructural models.
DevSecOps teams will use the DOML through an IDE, which will seamlessly integrate the design, development and verification of the infrastructure with the traditional application lifecycle.
The ICG will be able to create infrastructural code, generating it from models written in DOML.
These will allow new infrastructural components and IaC tools to be incorporated in the DOML language, be they for software execution, network communication, cloud services, or data storage.
VT will be a suite of static analysis and model checking tools aiming at verifying that models and resulting pieces of code fulfill specific properties, ranging from consistency of the model to non-functional aspects such as safety, performance, and privacy properties related to the exchange of data among software components.
Will offer a form of Static Analysis Security Testing by checking the IaC code against known cybersecurity issues (e.g. misconfigurations, use of insecure coding and configuration patterns).
The objective of the Component Security Inspector is to check for known security vulnerabilities in software components, imported by the target application.
The Canary Sandbox Environment aims at enabling isolated execution and testing of Infrastructure as Code behaviour (i.e., Kitchen), simulating the conditions of the production environment.
This platform consists of two components. On one hand, it will include a catalogue of infrastructural elements (e.g. (edge, node) computation, networks, cloud services (e.g. IaaS, PaaS, SaaS)) classifiable by a set of constraints (e.g. memory, disk, …). On the other hand, it will include an Optimizer, which, using optimization algorithms, seeks for an optimized deployment configuration of the IaC on the appropriate infrastructural elements that best meet the predefined constraints.
The main goal of the execution platform is to automatically plan, prepare, and provision the infrastructure and plan, prepare, and install the corresponding software elements needed for the application to seamlessly run.
In order to always ensure the business continuity of the IaC with respect to the pre-selected Non-Functional Requirements (NFRs), a monitoring component will be put into place. This monitoring component will not only ensure that the conditions are met, but also that a failure or a non-compliance of a NFRs is not likely to occur.
In complex systems, verification encompasses the operation of the system. The system undergoes through a continuous runtime verification for what concerns any security violation.
This will integrate into a single platform and in a comprehensive DevSecOps methodology for IaC all KRs listed above.
Use cases will offer PIACERE partners the possibility to assess the usefulness and suitability of the PIACERE approach and toolset in real industrial cases from important and challenging application domains.