Latest Issue
Service Restoration in the Distribution System with Voltage Control Devices using Improved Sequential Opening Branches (ISOB)
Published: December 31,2024Physico-chemical Characteristics of Rice-based Cereal Processed by Twin-screw Extrusion and Microwave Cooking
Published: December 31,2024Investigation of the Influence of Extrusion Conditions on Cambodian Extruded Rice Vermicelli
Published: December 31,2024Application of High-Pressure and High-Temperature Reactor for Extraction of Essential Oil from Kaffir Lime Peel
Published: December 31,2024Optimal Placement of Electric Vehicle Charging Stations Using Mixed-Integer Linear Programming: A Case Study in Cambodia
Published: December 31,2024Minimum Standard of Traffic Safety Devices at Primary School Zone Black Spot in Phnom Penh
Published: December 31,2024Displacement-Based Formulation with Non-Penetration Constraint for Planar Composite Beams in Partial Interaction Using the Coupled Connector Model
Published: December 31,2024Effect of Different Water-Saving Irrigation Methods for Rice Cultivation, Case Study in Cambodia.
Published: December 31,2024Should water taxi service in Phnom Penh be abandoned or sustained?
Published: December 31,2024Evaluate the Potential Changes in Physico-Chemical and Microbiological Quality of Spicy Sour Seasoning during Storage
Published: December 31,2024Enhancing the Accuracy and Reliability of Docker Image Vulnerability Scanning Technology
-
1. Department of Information and Communication Engineering, Institute of Technology of Cambodia, Russian Federation Blvd., P.O. Box 86, Phnom Penh, Cambodia
Academic Editor:
Received: July 17,2023 / Revised: Accepted: September 23,2023 / Published: June 30,2024
With the growth of usage of Docker containers in the recent year, Vulnerability scanning is essential to scanning and detecting known flaws and vulnerabilities in that specific Docker image. Using a custom docker image with third-party libraries in our code base authenticity or knowing their flaws can cause a lot of trouble in the future. In this case, vulnerability scanning tools such as Clair, Trivy, Anchor Grype, and Snyk are used for detecting the known vulnerability of the used Docker image and its included library but one Docker image can show different results depending on which tools we use due to the different scanning techniques and different vulnerability databases with different information (CVE, NVD, RedHat) that they use. In this research, We will be focusing on building an architectural framework that improves the accuracy, and reliability of the vulnerability scanning tools with a local vulnerability database that we built using a commonly used method such as static analysis which scans by reading package name and version searching, matching known suspicious pattern or signature using a binary database. Another method of scanning is a binary analysis which includes spotting unknown suspicious properties with a predefined algorithm. Using a confusion matrix, we evaluate the vulnerability scanning tool with docker images using the ground truth vulnerabilities stored in our local vulnerability database which is enriched with vulnerability information that is improved each time a new image is scanned.