{"id":19864201,"url":"https://github.com/sr-lab/glitch","last_synced_at":"2025-05-02T05:30:45.130Z","repository":{"id":37243767,"uuid":"453066827","full_name":"sr-lab/GLITCH","owner":"sr-lab","description":"GLITCH is a technology-agnostic framework that enables automated detection of code smells in Infrastructure-as-Code scripts.","archived":false,"fork":false,"pushed_at":"2025-03-26T11:10:13.000Z","size":4213,"stargazers_count":21,"open_issues_count":23,"forks_count":6,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-13T19:34:45.221Z","etag":null,"topics":["ansible","chef","iac","linter","puppet","smell-detector"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sr-lab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-01-28T12:53:43.000Z","updated_at":"2025-03-06T17:39:42.000Z","dependencies_parsed_at":"2025-04-13T19:45:00.871Z","dependency_job_id":null,"html_url":"https://github.com/sr-lab/GLITCH","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sr-lab%2FGLITCH","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sr-lab%2FGLITCH/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sr-lab%2FGLITCH/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sr-lab%2FGLITCH/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sr-lab","download_url":"https://codeload.github.com/sr-lab/GLITCH/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251992602,"owners_count":21677018,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","chef","iac","linter","puppet","smell-detector"],"created_at":"2024-11-12T15:17:47.187Z","updated_at":"2025-05-02T05:30:40.122Z","avatar_url":"https://github.com/sr-lab.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GLITCH\n\n[![DOI](https://zenodo.org/badge/453066827.svg)](https://zenodo.org/badge/latestdoi/453066827)\n[![License: GPL-3.0](https://badgen.net/github/license/sr-lab/GLITCH)](https://www.gnu.org/licenses/gpl-3.0)\n[![Python Version](https://img.shields.io/badge/python-3.10+-blue)](https://www.python.org/downloads/)\n[![Last release](https://badgen.net/github/release/sr-lab/GLITCH/)](https://github.com/sr-lab/GLITCH/releases)\n\n![alt text](https://github.com/sr-lab/GLITCH/blob/main/logo.png?raw=true)\n\nGLITCH is a technology-agnostic framework that enables automated detection of IaC smells. GLITCH allows polyglot smell detection by transforming IaC scripts into an intermediate representation, on which different smell detectors can be defined. GLITCH currently supports the detection of nine different security smells [1, 2] and nine design \u0026 implementation smells [3] in scripts written in Puppet, Ansible, or Chef.\n\n\n\n## Paper and Academic Usage\n\"[GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code](https://arxiv.org/abs/2205.14371)\" is the main paper that describes the implementation of security smells in GLITCH. It also presents a large-scale empirical study  that analyzes security smells on three large datasets containing 196,755 IaC scripts and 12,281,251 LOC.\n\n**If you use GLITCH or any of its datasets, please cite:**\n\n - Nuno Saavedra and João F. Ferreira. 2022. [GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code](https://arxiv.org/abs/2205.14371). In 37th IEEE/ACM International Conference on Automated Software Engineering (ASE ’22), October 10–14, 2022, Rochester, MI, USA. ACM, New York NY, USA, 12 pages. https://doi.org/10.1145/3551349.3556945  \n \n\n ```\n @inproceedings{saavedraferreira22glitch,\n  title={{GLITCH}: Automated Polyglot Security Smell Detection in Infrastructure as Code},\n  author={Saavedra, Nuno and Ferreira, Jo{\\~a}o F},\n  booktitle={Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering},\n  year={2022}\n}\n ```\n\n- \tNuno Saavedra, João Gonçalves, Miguel Henriques, João F. Ferreira, Alexandra Mendes. 2023. [Polyglot Code Smell Detection for Infrastructure as Code with GLITCH](https://arxiv.org/pdf/2308.09458.pdf). In 38th IEEE/ACM International Conference on Automated Software Engineering (ASE '23), September 11-15, 2023, Luxembourg.\nhttps://doi.org/10.1109/ASE56229.2023.00162\n\n```\n@inproceedings{saavedra23glitchdemo,\n  author={Saavedra, Nuno and Gonçalves, João and Henriques, Miguel and Ferreira, João F. and Mendes, Alexandra},\n  booktitle={2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)}, \n  title={Polyglot Code Smell Detection for Infrastructure as Code with GLITCH}, \n  year={2023},\n  pages={2042-2045},\n  doi={10.1109/ASE56229.2023.00162}\n}\n```\n\n## Installation\n\nTo install run:\n```\npython -m pip install -e .\n```\n\nTo use the tool for Chef you also need Ruby and its Ripper package installed.\n\n### Poetry\n\nTo install GLITCH using Poetry, run:\n```\npoetry install\n```\n\n**WARNING**: _For now, the GLITCH VSCode extension does not function if GLITCH \nis installed via Poetry. Since Poetry uses virtual environments it does not \ncreate a binary for GLITCH available in the user's PATH, which is required for \nthe VSCode extension._\n\n## Usage\n\nTo explore all available options, use the command:\n```\nglitch --help\n```\n\nTo analyze a file or folder and retrieve CSV results, use the following command:\n```\nglitch --tech (chef|puppet|ansible|terraform) --csv --config PATH_TO_CONFIG PATH_TO_FILE_OR_FOLDER\n```\n\nIf you want to consider the module structure you can add the flag ```--module```.\n\n### Poetry\n\nIf GLITCH was installed using Poetry, execute GLITCH commands as follows:\n```\npoetry run glitch --help\n```\n\nAlternatively, you can use `poetry shell`:\n```\npoetry shell\nglitch --help\n```\n\n## Tests\n\nTo run the tests for GLITCH go to the folder ```glitch``` and run:\n```\npython -m unittest discover tests\n```\n\n## Configs\n\nNew configs can be created with the same structure as the ones found in the folder ```configs```.\n\n## Documentation\n\nMore information can be found in [GLITCH's documentation](https://github.com/sr-lab/GLITCH/wiki).\n\n## VSCode extension\n\nGLITCH has a Visual Studio Code extension which is available [here](https://github.com/sr-lab/GLITCH/tree/main/vscode-extension/glitch).\n\n## Contributing\nPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.\n\nPlease make sure to update tests as appropriate.\n\n## License\n[GPL-3.0](https://choosealicense.com/licenses/gpl-3.0/)\n\n## References\n\n\u003csub\u003e[1] Rahman, A., Parnin, C., \u0026 Williams, L. (2019, May). The seven sins: Security smells in infrastructure as code scripts. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE) (pp. 164-175). IEEE.\u003c/sub\u003e\n\n\u003csub\u003e[2] Rahman, A., Rahman, M. R., Parnin, C., \u0026 Williams, L. (2021). Security smells in ansible and chef scripts: A replication study. ACM Transactions on Software Engineering and Methodology (TOSEM), 30(1), 1-31.\u003c/sub\u003e\n\n\u003csub\u003e[3] Schwarz, J., Steffens, A., \u0026 Lichter, H. (2018, September). Code smells in infrastructure as code. In 2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC) (pp. 220-228). IEEE.\u003c/sub\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsr-lab%2Fglitch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsr-lab%2Fglitch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsr-lab%2Fglitch/lists"}