Borges Neto, João Batista
Araújo, Mateus Medeiros de

2022-09-12
2022-09-12
2021-09-24

ARAÚJO, Mateus Medeiros de. Desenvolvimento de uma ferramenta para identificação e classificação de Security Smells em Dockerfiles. Advisor: João Batista Borges Neto. Co-advisor: João Paulo de Souza Medeiros. 2021. 84 leaves. Undergraduate thesis (Bachelor's in Information Systems) - Departamento de Computação e Tecnologia, Universidade Federal do Rio Grande do Norte, Caicó, 2021.

https://repositorio.ufrn.br/handle/123456789/49331

Infrastructure as code is an approach that is increasingly used to create and manage IT (Information Technology) infrastructures from source code. The Docker tool applies infrastructure-as-code techniques, through files called Dockerfiles, to assist in the creation of an infrastructure. However, Dockerfiles used to create infrastructures are susceptible to implementation mistakes, which can result in security smells. Security smells are indications of security flaws in source code. If not mitigated, security smells can lead to security breaches that, if exploited, can cause huge losses. However, despite several studies on the identification and potential risk of security smells in Dockerfiles, as far as we could identify, there are no tools that automatically verify their occurrence. Therefore, the present work proposes the development of a static source code analysis tool capable of automatically identifying security smells in Dockerfiles. To support the development of the tool, bibliographic research was carried out to better understand the areas of IT infrastructure, software security and static analysis of source code. Thus, it is expected that the tool proposed here can assist in the identification of possible security flaws in Dockerfiles, making it possible to mitigate these vulnerabilities in advance and, consequently, making IT infrastructures and their services even more secure.

Infrastructure as code
Software security
Static code analysis
Docker
Dockerfiles
Security smells

Desenvolvimento de uma ferramenta para identificação e classificação de security smells em dockerfiles
Development of a tool for identifying and classifying security smells in dockerfiles

bachelorThesis

CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO