Low-code development platforms provide an accessible infrastructure for the creation of software by domain experts, also called "citizen developers", without the need for formal programming education. Development is facilitated through graphical user interfaces, although traditional programming can still be used to extend low-code applications, for example when external services or complex business logic that cannot be realized with the features available on a platform need to be implemented. Since citizen developers are usually not specifically trained in software development, they require additional support when writing code, particularly with regard to security and advanced techniques like debugging or versioning. In this thesis, several options to assist developers of low-code applications are investigated and implemented. A framework to quickly build code editor extensions is developed, and an approach that leverages the Roslyn compiler platform to implement custom static code analysis rules for low-code development platforms that use the .NET platform is demonstrated. Furthermore, a sample application showing how Roslyn can be used to build a simple, integrated debugging tool is implemented, as is an abstraction of the version control system Git for easier usage by citizen developers. Security is a critical aspect when low-code applications are deployed. To provide an overview of possible options to ensure the secure and isolated execution of low-code applications, a threat model is developed and used as the basis for a comparison between OS-level virtualization, sandboxing, and runtime code security implementations.