A Cumulative Tool for Docker Vulnerability Scanner

Abstract:

Docker container technology is a new virtualization technique that is extremely efficient throughout the development and deployment phases. Although Docker container technology is more convenient than traditional virtualization technology (virtual machines), it suffers from weak security due to immature Docker image auditing techniques. To protect the host computer or local Docker containers from malicious Docker containers, it is necessary to detect potential hazards in Docker images and to identify risks when Docker container instances are running on the host computer. This paper proposes a tool that produces a cumulative report from three major open-source vulnerability scanners: Trivy, Clair, and Grype.

Pages: 748-753

Online since: February 2023

Copyright: © 2023 Trans Tech Publications Ltd. All Rights Reserved
