A systematic mapping study of infrastructure as code research

作     者：Rahman, Akond Mandavi-Hezaveh, Rezvan Williams, Laurie 

作者机构：North Carolina State Univ Raleigh NC 27695 USA 

出 版 物：《INFORMATION AND SOFTWARE TECHNOLOGY》 (信息与软件技术)

年 卷 期：2019年第108卷第Apr.期

页      面：65-77页

核心收录：

学科分类：08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Science of Security Lablet at the North Carolina State University 

主　　题：Devops Configuration as code Configuration script Continuous deployment Infrastructure as code Software engineering Systematic mapping study 

摘      要：Context: Infrastructure as code (IaC) is the practice to automatically configure system dependencies and to provision local and remote instances. Practitioners consider IaC as a fundamental pillar to implement DevOps practices, which helps them to rapidly deliver software and services to end-users. Information technology (IT) organizations, such as GitHub, Mozilla, Facebook, Google and Netflix have adopted IaC. A systematic mapping study on existing IaC research can help researchers to identify potential research areas related to IaC, for example defects and security flaws that may occur in IaC scripts. Objective: The objective of this paper is to help researchers identify research areas related to infrastructure as code (IaC) by conducting a systematic mapping study of IaC-related research. Method We conduct our research study by searching five scholar databases. We collect a set of 31,498 publications by using seven search strings. By systematically applying inclusion and exclusion criteria, which includes removing duplicates and removing non-English and non peer-reviewed publications, we identify 32 publications related to IaC. We identify topics addressed in these publications by applying qualitative analysis. Results: We identify four topics studied in IaC-related publications: (i) framework/tool for infrastructure as code;(ii) adoption of infrastructure as code;(iii) empirical study related to infrastructure as code;and (iv) testing in infrastructure as code. According to our analysis, 50.0% of the studied 32 publications propose a framework or tool to implement the practice of IaC or extend the functionality of an existing IaC tool. Conclusion: Our findings suggest that framework or tools is a well-studied topic in IaC research. As defects and security flaws can have serious consequences for the deployment and development environments in DevOps, we observe the need for research studies that will study defects and security flaws for IaC.