The PIACERE solution provides:

A new-generation DevSecOps framework for infrastructural code (IaC) that supports the creation of such code and increases its quality, security, trustworthiness and evolvability, while ensuring business continuity through self-healing mechanisms that anticipate failures and violations and self-learn from the conditions that triggered such re-adaptations.

IaC DevSec

Result: DevOps Modelling Language [DOML]

Result: Infrastructural Code Generator [ICG]

Result: Verification Tool [VT]

Creation of IaC models based on the NFRs
  • Definition of the topology and properties of the infrastructure
  • Abstraction from the specificities of the IaC language and protocol
  • Extendible
Automatic IaC generation based on the models
  • Most prominent target IaC environments and languages (e.g. Terraform, Ansible, TOSCA)
  • Code generation for provisioning and deployment orchestrators, configuration management environments, monitoring platforms and networks APIs.
Models and code verification
  • Verification of the models
  • Verification of code syntactic correctness, consistency and ability to fulfil specific non-functional properties
  • SAST and security inspector components
Modelling
IaC design, development and verification
  • Integration of the IaC Sec Dev process

IaC SecOps

Result: Canary environment, IaC Optimized Platform

Result: IaC Execution Platform

Result: runtime monitoring, Self-learning and self-healing mechanisms

IaC simulation
  • Isolated execution and testing of Infrastructure as Code behavior
  • Identification of potential vulnerabilities and bottlenecks
  • Catalogue of services and infrastructural elements
  • Optimized combination of services and infrastructural elements
Automatic IaC execution
  • Creation of the deployment plan
  • Interdependencies management
  • Distribution to the subsystems that perform the actual provisioning (e.g. creating virtual machines using proper IaaS connector, installing software packages or adjusting application configuration using Ansible)
IaC intelligent monitoring
  • Execution logs
  • Run time security verification
  • QoS assurance through self-learning and self-healing mechanisms
IaC (Pre-)deployment
Automatic re-deployment and adaptation
  • Ensures that the infrastructural code always conforms to the SLAs committed to the end user, even if the environmental situation changes