A Legacy of DevSecOps Innovation for a Secure Future

January 24, 2024 - Words by Joao Pita Costa


As we have recently reached the end of the PIACERE project, let’s take a look back at the impact we’ve made on the DevSecOps momentum in the past three years. The collaborative efforts of 8 project partners resulted in valuable open-source tools, opening new avenues for innovative research in the future. PIACERE stands as a testament to that work, providing seamless access to an integrated DevSecOps framework for developing, verifying, releasing, configuring, provisioning, and monitoring Infrastructure as Code (IaC).

PIACERE’s approach to IaC Lifecycle Management

Effectively navigating the complexities of modern IT infrastructure poses a significant challenge, as balancing the need for increased speed, quality, and security while minimizing costs is a delicate task. Automation, cloud technology, and software-defined infrastructure emerge as pivotal players in this transformative journey. The synergy between software developers and infrastructure operators, exemplified in continuous delivery (DevOps), has reshaped infrastructure management. Infrastructure as Code (IaC) programmatically defines and automates tasks, enhancing efficiency and allowing code reuse and optimization. However, trust remains a critical hurdle. This is where PIACERE took action and successfully launched a comprehensive solution that addresses the lifecycle of IaC with an integrated set of tools and practices, emphasizing trust, security, and DevSecOps principles, and ultimately elevating productivity and reliability.

This innovative DevSecOps framework and toolset to develop, verify, release, configure, provision, and monitor Infrastructure as Code is mostly open-source and ready to integrate into your workflow. PIACERE’s full-stack technology provides you with an all-in-one IaC solution accessible through an Eclipse-based Integrated Development Environment (IDE), allowing for modelling application deployment, modelling infrastructure applications and refactoring possibilities. Learn more about PIACERE Key Exploitable Results here.

A Consortium’s Toolbox for DevSecOps Excellence

XLAB played a crucial role in shaping PIACERE’s design-time security by implementing a strategy that helps regain trust in IaC through the DOML (DevSecOps Modelling Language), verification, and the automation of IaC code quality checks. The open-source solution IaC Scan Runner allows users to identify errors and vulnerable dependencies in the code, enhancing IaC integrity and applicability. The approach helps reduce errors in deployment procedures, making it easier to quickly spot malfunctions or changes in IaC.

Our team efficiently applied the knowledge gained from the project to enhance and upgrade our products and services. IaC Scan Runner serves as an important foundation for our Steampunk Spotter, an Ansible Playbook Platform that scans, analyzes, enhances, and provides insights for your playbooks.

During runtime, XLAB’s approach ensures continuous adherence to Quality of Service (QoS) conditions, minimizing the likelihood of failures or non-compliance with Non-Functional Requirements (NFRs). PIACERE’s intelligent Runtime Security includes an automated monitoring system, promptly detecting security events and notifying users about potential threats.

This builds on other innovations brought by this project’s consortium. The first of these is DOML, developed by Politecnico di Milano, which enhances the capabilities of DevSecOps teams, both expert and non-expert, to model complex provisioning, deployment, and configuration needs. It provides a set of abstractions for execution environments, enabling their composition into machine-readable representations. DOML, along with the IaC Code Generator, developed by HPE, empowers DevSecOps teams to create accurate infrastructure models for provisioning, configuration management, deployment, and self-healing. The project’s coordinator TECNALIA contributes the IaC Execution Manager, which simplifies the development and maintenance of IaC for diverse infrastructures and supports multilingualism in one tool, and the IaC Optimization Platform, which employs optimization algorithms to determine optimal deployment configurations from the DevSecOps catalog and presents ranked options for user selection. 7BULLS introduces a revolutionary Canary Sandbox Environment for unit testing infrastructural code behavior in an isolated setting, simulating production conditions and identifying common anti-patterns, an unparalleled solution for realistic test deployments.

From research to real-world impact

Over the past three years, we’ve achieved significant milestones in research and development. Our technology has been successfully validated in three use case scenarios – the Slovenian Ministry of Digital Transformation, Valencian smart transport technology provider Prodevelop, and the Italian branch of Ericsson.

Despite the challenges posed by the COVID-19 restrictions during our initial phase, we conducted 9 general assembly meetings in 4 European cities, including one that we had the pleasure of organizing in Ljubljana. Additionally, we organized several remote meetings, published 26 research papers, and actively participated in over 50 industrial and academic events. Throughout these efforts, we presented our 6-component technology, built on 22 Intellectual Property results, reflecting the outstanding innovation that XLAB has significantly contributed to achieving as technical coordinator, innovation manager and automation and security expert in the project.

Our team also took part in Red Hat Summit Connect in Madrid, organized by Red Hat, the world’s largest open-source company. The event took place at the Atletico de Madrid stadium, adding a unique touch to the experience. We engaged with visitors, discussing the potential and challenges of DevSecOps. Given the event’s focus, we pitched PIACERE’s capabilities within the Ansible framework, and our team gave two micro presentations, on Ansible upgrades and on Custom policies. We also introduced Steampunk Spotter, the enterprise version of the open-source IaC Scan Runner that XLAB developed together with the PIACERE partners. It was great seeing our joint research turn into practical solutions that help businesses, big and small, tackle real-world challenges.

Our team in full action at the Red Hat Summit Connect in Madrid


Thank you Tecnalia, Prodevelop, Politecnico di Milano, Ericsson, Hewlett Packard, Ministry of Public Administration, Republic of Slovenia, and 7bulls.com for a great collaboration. We look forward to future projects as successful as this.

The amazing PIACERE team at the project meeting in the most beautiful city in the world, Ljubljana.
