Exploring Solutions for Container Image Security
Authors
Frank Campo
Howe Wang
Joel Coffman
Issue Date
2023-10
Type
Other
Abstract
Guided by NIST’s Application Container Security Guide, we explore workflows to address container image vulnerabilities that have known fixes. The approach stems from the idea that a DevOps team should always build container images that meet a specified security standard. We outline a blueprint that leverages a vulnerability scanner to establish a baseline of security issues and reduces that list via an automated patching process. We target popular images in common use: scanning each image identifies potential vulnerabilities and misconfigurations, and we compare the results of our automated pipeline against both the original image and a manually patched one. Through our work, we identified technical barriers to patching fixable vulnerabilities in off-the-shelf (OTS) images, a lack of accountability for badges used by popular container registries, and that responsibility for container security falls heavily on the shoulders of users.
Citation
F. Campo, H. Wang and J. Coffman, "Exploring Solutions for Container Image Security," 2023 IEEE 14th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA, 2023, pp. 82-88, doi: 10.1109/UEMCON59035.2023.10316032
Publisher
IEEE
