Show simple item record

dc.contributor.advisor: Haugerud, Hårek
dc.contributor.advisor: Hasan, Ismail
dc.contributor.advisor: Socchi, Emilien
dc.contributor.author: Zarei, Mehdi
dc.date.accessioned: 2022-09-13T08:29:17Z
dc.date.available: 2022-09-13T08:29:17Z
dc.date.issued: 2022
dc.identifier.uri: https://hdl.handle.net/11250/3017416
dc.description.abstract: The use of container technology as a main part of software development is increasing exponentially. Containers not only provide a huge benefit for Continuous Integration/Continuous Delivery (CI/CD) pipelines, but also simplify shipping problems. However, the security of container images is a primary concern. Exploitation of a single vulnerability in an image could have huge consequences and result in loss of CIA (Confidentiality, Integrity, Availability) in an application. While there are a variety of image scanners that create vulnerability reports informing the security teams, there is a lack of knowledge about the inner workings of container image scanners and how they interact with different types of images. First, this thesis describes the history of containers and the tools and technology related to them. Second, we discuss some of the most popular container image scanners and select two that are both open-source and highly ranked. Next, the thesis explains how scanners detect packages and vulnerabilities. Finally, a few experiments are conducted with three different types of containers: standard container images, distroless images, and images that have been slimmed down. These kinds of images are scanned using the image scanners and the results are compared. Our findings reveal that: (1) both selected image scanners use roughly the same algorithm to detect vulnerabilities; (2) Trivy supports more OS and application packages; (3) the majority of the detected vulnerabilities are unfixed vulnerabilities; (4) none of the tested scanners were able to detect vulnerabilities when using slimmed-down images. [en_US]
dc.language.iso: eng [en_US]
dc.publisher: OsloMet - storbyuniversitetet [en_US]
dc.relation.ispartofseries: ACIT;2022
dc.subject: Containers [en_US]
dc.subject: Image scanners [en_US]
dc.subject: Vulnerability [en_US]
dc.subject: Trivy [en_US]
dc.subject: Clair [en_US]
dc.title: Investigating the inner workings of container image vulnerability scanners [en_US]
dc.type: Master thesis [en_US]
dc.description.version: publishedVersion [en_US]