Latest Issue
Environmental Variables Determining Soil Physical Properties and Carbon Content at the Catchment Scale, Stung Chrey Bak Observatory, Cambodia
Published: December 31,2025The Negative Experiences of Low-Income Citizen Commute and Their Intentions Toward Public Bus in Phnom Penh
Published: December 31,2025Reliability Study on the Placement of Electric Vehicle Charging Stations in the Distribution Network of Cambodia
Published: December 31,2025Planning For Medium Voltage Distribution Systems Considering Economic And Reliability Aspects
Published: December 31,2025Security Management of Reputation Records in the Self-Sovereign Identity Network for the Trust Enhancement
Published: December 31,2025Effect of Enzyme on Physicochemical and Sensory Characteristics of Black Soy Sauce
Published: December 31,2025Activated Carbon Derived from Cassava Peels (Manihot esculenta) for the Removal of Diclofenac
Published: December 31,2025Land Use and Land Cover Distribution across Litho-Mineral Alteration of an Irrigated Catchment of the Tonle Sap Lake, Cambodia
Published: December 31,2025Impact of Smoking Materials on Smoked Fish Quality and Polycyclic Aromatic Hydrocarbon Contamination
Published: December 31,2025Estimation of rainfall and flooding with remotely-sensed spectral indices in the Mekong Delta region
Published: December 31,2025Enhancing the Accuracy and Reliability of Docker Image Vulnerability Scanning Technology
-
1. Department of Information and Communication Engineering, Institute of Technology of Cambodia, Russian Federation Blvd., P.O. Box 86, Phnom Penh, Cambodia
Academic Editor:
Received: July 17,2023 / Revised: / Accepted: September 23,2023 / Available online: June 30,2024
With the growth of usage of Docker containers in the recent year, Vulnerability scanning is essential to scanning and detecting known flaws and vulnerabilities in that specific Docker image. Using a custom docker image with third-party libraries in our code base authenticity or knowing their flaws can cause a lot of trouble in the future. In this case, vulnerability scanning tools such as Clair, Trivy, Anchor Grype, and Snyk are used for detecting the known vulnerability of the used Docker image and its included library but one Docker image can show different results depending on which tools we use due to the different scanning techniques and different vulnerability databases with different information (CVE, NVD, RedHat) that they use. In this research, We will be focusing on building an architectural framework that improves the accuracy, and reliability of the vulnerability scanning tools with a local vulnerability database that we built using a commonly used method such as static analysis which scans by reading package name and version searching, matching known suspicious pattern or signature using a binary database. Another method of scanning is a binary analysis which includes spotting unknown suspicious properties with a predefined algorithm. Using a confusion matrix, we evaluate the vulnerability scanning tool with docker images using the ground truth vulnerabilities stored in our local vulnerability database which is enriched with vulnerability information that is improved each time a new image is scanned.