LeakGauge: Infrastructure-as-Code–Aware Sensitive Data Flow Analysis in Event-Driven Serverless Applications

Abstract

LeakGauge is an IaC-aware static analysis framework that traces sensitive data flows across serverless deployments. Using CodeQL-based data- and taint-flow analysis informed by Infrastructure-as-Code configurations, LeakGauge identifies secret-exposure paths across event-driven serverless applications, uncovering 1,400+ such paths across 500+ real-world applications. Designed as a CI/CD security guardrail, LeakGauge enables developers to catch sensitive data leakage before deployment.

Publication
In Preparation