Investigations into Secure IaC Practices

Neharika Keerthi,Lennon Ruth G.

Proceedings of Seventh International Congress on Information and Communication Technology(2022)

引用 0|浏览3
暂无评分
摘要
Security is one of the major concerns for companies, as security attacks are rapidly increasing. There are many laws and regulations which provide guidelines to companies for securing their applications. A few of those laws impose heavy fines when appropriate measures for security are not taken. Provisioning infrastructure using manual configuration can also be a difficult task as it involves multiple steps. In this paper, we investigate securely provisioning infrastructure automatically. Security and automatic infrastructure provisioning can be achieved using source code analysis tool, container security tool, and IaC tools. We show that source code and containers can be scanned for vulnerabilities, and when critical vulnerabilities are not found, the infrastructure can be automatically provisioned using Terraform script. The authors observed that implemented systems can be scanned for vulnerabilities in source code and containers provisioned automatically using secure IaC script.
更多
查看译文
关键词
Infrastructure as code, DevOps, Automation
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要