Docker Container Images: Concerns about available container image scanning tools and image security
Dalarna University, School of Information and Engineering.
2022 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis
Abstract [en]

With the growing use of cloud computing and need for resource effectiveness, the use of container technology has increased compared to virtual machines. This is since containers require fewer resources and are significantly faster to start up. A popular container platform is Docker which lets users manage and run containers. The containers are run from images that can be downloaded from different sources, Docker Hub being a popular choice. Because of container technology sharing the OS-kernel with the host, there is a great need to increase and monitor the security of containers and the images they are run from. To find vulnerabilities in images, there are image scanning tools available. In this dissertation, we study 5 different image scanning tools and their performance. Twenty-five random images were selected from popular images on Docker Hub and were then scanned for vulnerabilities with the tools in the study. We aimed to answer the following questions: (1) Are there any clear differences between the number of vulnerabilities found by different image vulnerability scanning tools? (2) Are there any differences between the types of vulnerabilities found by different image vulnerability scanning tools? (3) What is the relative effectiveness of different image vulnerability scanning tools? The results show that there are considerable differences between different container image scanning tools regarding the number of found vulnerabilities. We also found that there were differences regarding the severity-grading of found vulnerabilities between the tested tools. When using our proposed metric for calculation of relative effectiveness, we discovered that the tool with the highest relative effectiveness could still miss approximately 39 percent of the vulnerabilities in images. The tool with the lowest relative effectiveness could miss approximately 77 percent of the vulnerabilities in images.

Place, publisher, year, edition, pages
2022.
Keywords [en]
Docker, Image, Container, Security, Scanning, Tools
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:du-41795
OAI: oai:DiVA.org:du-41795
DiVA, id: diva2:1679447
Subject / course
Microdata Analysis
Available from: 2022-07-29 Created: 2022-07-01

Open Access in DiVA

fulltext (712 kB), 794 downloads
File information
File name: FULLTEXT01.pdf
File size: 712 kB
Checksum SHA-512:
fa29126f76cd28fc88e25475c74de605ec55c81b85a8381caf64210241b4efc339b4a5cd30e18797dbfd15d27ebd66f7451414d818a8e51e24b2272a653613bd
Type: fulltext
Mimetype: application/pdf
