Methodology for Analyzing Dockerfile Using AI for Vulnerabilities
摘要
This paper presents a methodology that utilizes artificial intelligence tools to analyze Dockerfiles and identify security vulnerabilities. The authors propose an approach that automates the labor-intensive manual processes of Dockerfile creation and subsequent verification. The primary focus is on detecting potentially dangerous configurations, suboptimal practices, and latent security risks at the Dockerfile level before the image is built. Implementing this methodology enhances the security of containerized environments by enabling early detection and remediation of configuration vulnerabilities. The paper discusses the operating principles of the proposed methodology and its potential application for strengthening DevOps security practices.