@inproceedings{fd59611c565943a681d983c82209d23c,
title = "Investigations into Secure IaC Practices",
abstract = "Security is one of the major concerns for companies, as security attacks are rapidly increasing. There are many laws and regulations which provide guidelines to companies for securing their applications. A few of those laws impose heavy fines when appropriate measures for security are not taken. Provisioning infrastructure using manual configuration can also be a difficult task as it involves multiple steps. In this paper, we investigate securely provisioning infrastructure automatically. Security and automatic infrastructure provisioning can be achieved using source code analysis tool, container security tool, and IaC tools. We show that source code and containers can be scanned for vulnerabilities, and when critical vulnerabilities are not found, the infrastructure can be automatically provisioned using Terraform script. The authors observed that implemented systems can be scanned for vulnerabilities in source code and containers provisioned automatically using secure IaC script.",
keywords = "Automation, DevOps, Infrastructure as code",
author = "Keerthi Neharika and Lennon, {Ruth G.}",
note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 7th International Congress on Information and Communication Technology, ICICT 2022 ; Conference date: 21-02-2022 Through 24-02-2022",
year = "2023",
doi = "10.1007/978-981-19-1610-6_25",
language = "English",
isbn = "9789811916090",
series = "Lecture Notes in Networks and Systems",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "289--303",
editor = "Xin-She Yang and Simon Sherratt and Nilanjan Dey and Amit Joshi",
booktitle = "Proceedings of 7th International Congress on Information and Communication Technology - ICICT 2022",
}