Investigations into Secure IaC Practices

Security is one of the major concerns for companies, as security attacks are rapidly increasing. There are many laws and regulations which provide guidelines to companies for securing their applications. A few of those laws impose heavy fines when appropriate measures for security are not taken. Provisioning infrastructure using manual configuration can also be a difficult task as it involves multiple steps. In this paper, we investigate securely provisioning infrastructure automatically. Security and automatic infrastructure provisioning can be achieved using source code analysis tool, container security tool, and IaC tools. We show that source code and containers can be scanned for vulnerabilities, and when critical vulnerabilities are not found, the infrastructure can be automatically provisioned using Terraform script. The authors observed that implemented systems can be scanned for vulnerabilities in source code and containers provisioned automatically using secure IaC script.