A Systematic Mapping Study of Infrastructure as Code Research

Akond Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams in Journal of Information and Software Technology (IST), 2019 Pre-print

Infrastructure as code (IaC) is the practice to automatically configure system dependencies and to provision local and remote instances. Practitioners consider IaC as a fundamental pillar to implement DevOps practices, which helps them to rapidly deliver software and services to end-users. Information technology (IT) organizations, such as GitHub, Mozilla, Facebook, Google and Netflix have adopted IaC. A systematic mapping study on existing IaC research can help researchers to identify potential research areas related to IaC, for example defects and security flaws that may occur in IaC scripts. The objective of this paper is to help researchers identify research areas related to infrastructure as code (IaC) by conducting a systematic mapping study of IaC-related research. We conduct our research study by searching five scholar databases. We collect a set of 31,498 publications by using seven search strings. By systematically applying inclusion and exclusion criteria, which includes removing duplicates and removing non-English and non peer-reviewed publications, we identify 32 publications related to IaC. We identify topics addressed in these publications by applying qualitative analysis. We identify four topics studied in IaC-related publications: (i) framework/tool for infrastructure as code, (ii) adoption of infrastructure as code, (iii) empirical studies related to infrastructure as code, and (iv) testing in infrastructure as code. According to our analysis, 50.0% of the studied 32 publications propose a framework or tool to implement the practice of IaC or extend the functionality of an existing IaC tool. Our findings suggest that framework or tools is a well-studied topic in IaC research. As defects and security flaws can have serious consequences for the deployment and development environments in DevOps, we observe the need for research studies that will study defects and security flaws for IaC.