Solution

PIACERE will support the different DevSecOps activities. Using a single integrated development environment (IDE) for infrastructural code will unify the automation of the main DevSecOps activities and will shorten the learning curve for new DevSecOps teams.

PIACERE will allow DevSecOps teams to model different infrastructure environments, by means of abstractions, through a novel DevOps Modelling Language (DOML), thus hiding the specificities and technicalities of the current solutions and increasing the productivity of these teams. Moreover, PIACERE will also provide an extensible Infrastructural Code Generator (ICG), translating DOML into source files for different existing IaC tools, to reduce the time needed for creating infrastructural code for complex applications. The provided extensibility mechanisms (DOML-E) shall ensure the sustainability and longevity of the PIACERE approach and tool-suite, so that new languages and protocols that may appear in the near future can be accommodated. The DevOps Modelling Language (DOML) is one of the key innovations of PIACERE, because it allows modelling the automation of the whole lifecycle of DevSecOps activities, from Creation to Configuration, and from Deployment to Orchestration, and producing executable infrastructural code from the DOML model through the ICG code generator.

Another key innovation of PIACERE is a comprehensive toolkit for verification and trustworthiness. Firstly, a verification tool (VT) that will apply static analysis to both the abstract model and the related infrastructural code, to execute consistency checks and other quality verifications according to identified best practices. Secondly, an IaC Code Security Inspector that will offer a form of Static Analysis Security Testing (SAST) by checking the IaC code against known cybersecurity issues (misconfigurations, use of non-secure libraries, non-secure configuration patterns). Thirdly, a Component Security Inspector that, also by analysing the IaC code, reports the potential vulnerabilities and proposes potential fixes. Fourthly, a Canary environment that will allow unit testing of the behaviour of the infrastructural code in an isolated environment, which would enable the simulation of conditions of the production environment and identify some of the most common anti-patterns.

In the Ops part of the DevSecOps lifecycle, PIACERE also presents several key innovations. The Optimized Platform (IOP) will present the DevSecOps teams with the most appropriate deployment configurations that best meet their defined constraints, selected from their catalogue of services, resources and infrastructural elements by means of optimization algorithms. The Execution Platform will automatically plan, prepare, and provision the infrastructure and plan, prepare, and install the corresponding software elements needed for the application to run seamlessly. At runtime, PIACERE will continuously monitor the metrics associated with the defined measurable NFRs (e.g. performance, availability, and security through the runtime security monitoring) and will be able to self-learn, implementing machine-learning algorithms and realizing an incremental learning strategy by continuously analysing divergences in the decision boundaries and detecting anomalies in the metrics being collected, while retaining only the most up-to-date data to avoid model degradation. Whenever these self-learning mechanisms detect an anomaly or a potential SLA violation, an alarm will be triggered and a self-healing mechanism launched. A self-healing mechanism will entail launching again an optimization algorithm for the actual problem domain, followed by automatic execution, monitoring, and so on.


PIACERE Framework

The expected benefits of PIACERE are:

  • Making the creation of such infrastructural code more accessible to the DevSecOps teams
  • Increasing the quality, security, trustworthiness and evolvability of infrastructural code
  • Ensuring business continuity by providing self-healing mechanisms and anticipation of failures and violations
  • Allowing IaC to self-learn from previous conditions that triggered unexpected situations