Strategies to Mitigate Configuration Differences in Software Development: A Rapid Review of Grey Literature
DOI:
https://doi.org/10.5753/jserd.2025.4378
Keywords:
Software Configuration Management, Software development, Rapid Review, Grey literature, Mitigation strategies
Abstract
Context: Configuration differences between development and production environments can lead to system failures, data loss, and security vulnerabilities. Practitioners have acknowledged the need to handle these differences. This study aims to provide insights and best practices for mitigating configuration differences between development and production environments in software development through a rapid review (RR) of Grey Literature (GL).

Methods: The research method for data collection involves a Rapid Review of the GL. It also employs a thematic analysis to understand the collected data.

Results: The study identified nine strategies that help practitioners mitigate configuration differences between development and production environments, including access credentials. Examples of these strategies include Automated Deployment Pipeline, Configuration Management Plan (CMP), and PaaS Deployment. We also provide insights into how these strategies contribute to reducing the risk of configuration-related issues and ensuring the smooth and reliable operation of software systems. Additionally, the study suggests potential cost-saving methods for mitigating configuration differences.

Conclusions: This study emphasizes the importance of understanding the strategies employed to mitigate the risks associated with managing configuration differences in software development projects. By delivering practical guidance and insights, this study has the potential to help IT operations and software development projects gain a deeper comprehension of software configuration management strategies and best practices.
License
Copyright (c) 2025 Marcos Nazário, Rodrigo Bonifácio, Cleidson R. B. de Souza, Fernando Kenji Kamei, Gustavo Pinto

This work is licensed under a Creative Commons Attribution 4.0 International License.