Chat GPT-Based Design-Time DevSecOps

Adoption of DevOps-enabled software development has become one of constituent processes within the workflow behind competitive organizations in any area of industry. Its main purpose consists of automation when it comes to steps of development, testing and deployment, aiming to achieve continuous integration and delivery of products and services. On the other side, these highly automatized steps are prone to security flaws and various types of vulnerabilities, which could have fatal consequences, especially in critical domains of usage, such as sensitive usage scenarios related to public infrastructure and healthcare. For that reason, the so-called DevSecOps has emerged, whose main scope are security concerns in DevOps-based automated workflows. In this paper, Python API of novel ChatGPT conversational agent service is leveraged for static code analysis of Infrastructure as Code (IaC) scripts. Moreover, we perform aggregation and post-processing of results returned by ChatGPT, making them more useful when it comes to end-users, such as DevOps engineers and system administrators. When it comes to evaluation, we focus on Ansible and Terraform IaC script case studies.