Technical Field
The present invention relates generally to information processing and, in particular, to security inspection of massive virtual hosts for an immutable infrastructure and infrastructure as code.
Description of the Related Art
Security inspection is crucial for cloud vendors that provide virtual image hosting because their customers can upload virtual images that have security violations. Examples of security violations are a short password that does not meet a minimum password length requirement, the installation of a vulnerable application, an incorrect directory permission, and so forth. The images can be virtual machine images, which must have high integrity since the initial state of every virtual machine in the cloud is determined by some image. Moreover, as some benefits of the cloud depend on users using images generated by third parties, users must also be able to safely share images.
In a modern server management method referred to as Infrastructure as Code (IaC) and Immutable Infrastructure (II), setup scripts are used. When a new server is deployed, only a setup script is executed on a default operating system.
Security inspection is expensive since it involves setting up an inspection tool on a virtual host. Due to the expansion of IaC and II, the number of servers in a data center is increasing significantly. Accordingly, the cost of security inspection for servers in a data center is also increasing significantly.
Thus, there is a need to efficiently conduct security inspection on a number of setup scripts, and to detect the script line that is the root cause of a security violation.