Lead Partner: JADS 

Contributors: JADS, CERTH, XLAB


Pain / Gain

Bug Detection
  • Problem: To build high-quality IaC artifacts, the users need to follow the recommended best practices of developing IaC scripts and avoid applying the bad practices. Still, they can inadvertently introduce errors, smells and bugs to the IaC code.  
  • Solution: The users need a tool that can help them to easily and interactively check the quality of the IaC code they develop, and to get recommendations on how to fix any detected quality issue.  
  • Value: The ability to develop high-quality defect-free error-free IaC codes 


  • Functionality: Provide a tool to detect various quality issues such as errors, smells, antipatterns, bugs in IaC artifacts (TOSCA and Ansible). A demonstrator for the IaC verification, bug prediction and correction is available as a live demonstrator.
  • Technology: Detection of linguistic anti-patterns and misconfigurations in IaC using data-driven techniques such as machine learning, deep learning, and natural language processing.  Detection of various smells in IaC using semantic reasoning and rule-based models.
  • Status: The SODALITE team has the sufficiently complete taxonomies of IaC best/bad practices, smells, and bugs. Our tool (defect prediction) can verify IaC codes for some errors, can find some smells, and can find linguistic anti-patterns. The taxonomies have been improved and validated. The tool will be improved to support more verification cases, detect more smells and misconfiguration errors,  and recommend fixes for some detected smells.

What's Unique

Bug Detection
  • Differentiator: The existing tools for quality assurance of IaC lack the use of data-driven techniques and taxonomies. The detection of linguistic anti-patterns and misconfigurations are not supported. According to a recent report on Cloud Threat, nearly 200,000 insecure IaC templates were found among IaC scripts used by a set of enterprises, and  65% of cloud incidents are due to misconfigurations.  
  • Innovation: Data-driven techniques for predicting defects in IaC, Semantic web techniques for detecting smells in IaC, A unified catalog of IaC best/bad practices, smells,  and bugs
  • Partnerships: JADS, POLIMI and ATOS are important actors in the most recent developments in what regards the identification of errors/smells/bugs in the IaC