Open Access

ARTICLE

DAVS: Dockerfile Analysis for Container Image Vulnerability Scanning

by Thien-Phuc Doan, Souhwan Jung*

1 School of Electronic Engineering, Soongsil University, Seoul, 06978, Korea

* Corresponding Author: Souhwan Jung.

(This article belongs to the Special Issue: Security and Privacy Issues in Systems and Networks Beyond 5G)

Computers, Materials & Continua 2022, 72(1), 1699-1711. https://doi.org/10.32604/cmc.2022.025096

Abstract

Container technology plays an essential role in many Information and Communications Technology (ICT) systems. However, containers face diverse threats caused by vulnerable packages within container images. Previous vulnerability scanning solutions for container images are inadequate because they depend entirely on information extracted from package managers. As a result, packages installed directly by compiling source code, packages downloaded from a repository, etc., are ignored. We introduce DAVS, a Dockerfile analysis-based vulnerability scanning framework for OCI-based container images, to deal with the limitations of existing solutions. DAVS performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files (PVFs). The PVFs are then scanned to identify the vulnerabilities in the target container image. Experiments show that DAVS outperforms Clair, the most popular container image scanning project, at detecting Common Vulnerabilities and Exposures (CVE) in 10 known vulnerable images. Moreover, DAVS found that 68% of real-world container images from different image registries are vulnerable.
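
A simplified illustration of the gap the abstract describes, added here and not DAVS's own code or algorithm: it walks a Dockerfile and flags the steps that place files in the image without going through the package manager, which a package-manager-only scan would not see. The sample Dockerfile, the `example.invalid` URLs, the function names and the command heuristics are all assumptions.

```python
import re
# Constructed sample Dockerfile for illustration (not taken from the paper).
SAMPLE = """\
FROM debian:bullseye
RUN apt-get update && apt-get install -y build-essential wget
RUN wget https://example.invalid/libfoo.tar.gz && tar xzf libfoo.tar.gz \\
    && cd libfoo && ./configure && make && make install
ADD https://example.invalid/tool-0.9 /usr/local/bin/tool
COPY app/ /opt/app/
"""

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def classify(command):
    """Heuristic (assumption): how one shell command adds untracked files."""
    argv = command.split() or [""]
    if argv[0] in ("wget", "curl"):
        return "download"
    if argv[0] == "git" and "clone" in argv:
        return "vcs-clone"
    if argv[0] == "./configure" or (argv[0] == "make" and "install" in argv):
        return "source-build"
    return None

def untracked_steps(dockerfile):
    """Return (instruction number, instruction, reason) per untracked step."""
    found = []
    for num, line in enumerate(logical_lines(dockerfile), 1):
        instr, _, rest = line.partition(" ")
        instr = instr.upper()
        if instr in ("ADD", "COPY"):
            kind = "download" if re.match(r"https?://", rest.strip()) else "file-copy"
            found.append((num, instr, kind))
        elif instr == "RUN":
            # Split the shell chain so "apt-get install wget" is not mistaken for a wget call.
            for cmd in re.split(r"&&|\|\||;|\|", rest):
                hit = (num, instr, classify(cmd))
                if hit[2] and hit not in found:
                    found.append(hit)
    return found
```

Only shell-form `RUN` chains are handled; JSON-form instructions, heredocs and multi-stage `COPY --from` are outside this sketch.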

Copyright © 2022 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.