Security Smells Analysis in Infrastructure as Code projects and application of SAST tool for Terraform
Infrastructure as Code (IaC); DevSecOps; Security smells; Terraform; Static Application Security Testing (SAST).
The challenges of managing and maintaining infrastructure in IT companies, together with the
desire to deliver increasingly scalable and agile solutions, have driven the adoption of cloud
computing, which in turn has popularized practices that support this process. Infrastructure as
Code (IaC) is one such practice: it has gained traction with the DevSecOps culture and is used to
provision software infrastructure in the cloud by writing code. Although IaC has clear benefits,
such as reduced risk and reduced effort when making infrastructure changes, there are still gaps
in the literature regarding security assessments, especially for popular tools in the technology
market such as Terraform. This work contributes scientifically and technologically to the
DevSecOps culture by developing a SAST tool that identifies security smells in infrastructure
projects provisioned with Terraform. By evaluating effectiveness, accuracy, and coverage, we aim
to obtain comparative results against commercially available tools.
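As an added illustration of the kind of check such a tool performs (example code written for this page, not the tool the abstract describes nor any commercial scanner), the following Python scanner flags four common Terraform security smells using a hypothetical rule set on a constructed snippet, and scores its output against a labelled ground truth the way an accuracy and coverage evaluation would:

```python
import re
from dataclasses import dataclass

# Constructed Terraform input for the example; not taken from any real project.
SAMPLE_TF = """
resource "aws_db_instance" "db" {
  engine   = "postgres"
  username = "admin"
  password = "Sup3rS3cret!"  # TODO: move to a secrets manager
  storage_encrypted = false
}
resource "aws_security_group" "web" {
  ingress {
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }
}
"""

@dataclass(frozen=True)
class Finding:
    rule: str
    line: int

# Hypothetical rule set: each smell is a (name, line-level regex) pair.
RULES = [
    ("hard-coded-secret", re.compile(r'^\s*(password|secret|token|access_key)\s*=\s*"[^"$]+"', re.I)),
    ("suspicious-comment", re.compile(r'#.*\b(TODO|FIXME|HACK)\b')),
    ("open-to-world", re.compile(r'cidr_blocks\s*=\s*\[[^\]]*"0\.0\.0\.0/0"')),
    ("encryption-disabled", re.compile(r'(storage_)?encrypted\s*=\s*false')),
]

def scan(tf_source):
    """Return one Finding per (rule, line) match in the Terraform text."""
    findings = []
    for lineno, text in enumerate(tf_source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(text):
                findings.append(Finding(name, lineno))
    return findings

def precision_recall(found, expected):
    """Score scanner output against a labelled ground truth of Findings."""
    found, expected = set(found), set(expected)
    tp = len(found & expected)
    precision = tp / len(found) if found else 0.0
    recall = tp / len(expected) if expected else 0.0
    return precision, recall
```

A smell present in the ground truth but covered by no rule (for instance a bucket with logging disabled) lowers recall, which is the coverage gap the evaluation is meant to expose.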