Bui, Quang CuongQuang CuongBuiLaukotter, MalteMalteLaukotterScandariato, RiccardoRiccardoScandariato2024-01-242024-01-242023-1039th IEEE International Conference on Software Maintenance and Evolution (ICSME 2023)https://hdl.handle.net/11420/45265Docker is a widely adopted platform that enables developers to create lightweight and isolated containers for deploying applications. These containers can be replicated from a single blueprint specified by a text file known as a Dockefile. The Dockerfile smells might not only hinder the performance of containers but also potentially introduce security risks. State-of-The-Art scanning tools, such as Hadolint and KICS, are available to efficiently detect Dockerfile smells. Still, there is a lack of approaches focusing on resolving these issues. Therefore, we present DockerCleaner, an automated repair tool that suggests fixes for eleven Dockerfile security smell types. Our tool employs the repair actions inspired by the best security practices for writing Dockerfiles. The evaluation results show that DockerCleaner can remove the artificially injected security smells from 92.67% of the Dockerfiles and guarantee the buildability for 99.33% of them. Specifically for security smells in real Dockerfiles, DockerCleaner outperforms the state-of-The-Art repair tool by a wide margin. Finally, we leveraged the fixes generated by DockerCleaner to propose improvements to twelve official Docker images. Eight pull requests have been accepted and merged by the developers.enAutomatic RepairDockerSecurity SmellsEngineering and Applied OperationsConference Paper10.1109/ICSME58846.2023.00026Conference Paper