Latest Issue
Empowering Education with Online Khmer Handwritten Text Recognition for Teaching and Learning Assistance
Published: August 30,2025Undergraduate Student Dropout Prediction with Class Balancing Techniques
Published: August 30,2025Status of Seawater Quality at Koh Rong Island, Sihanoukville, Cambodia
Published: August 30,2025Low-Complexity Detection of Primary Synchronization Signal for 5G New Radio Terrestrial Cellular System
Published: August 30,2025Word Spotting on Khmer Printed Documents
Published: August 30,2025Tuning Hyperparameters Learning Rate and Gamma in Gym Environment Inverted Pendulum
Published: August 30,2025Examining Passenger Loyalty in Phnom Penh Public Bus System: A Structural Equation Modelling Approach
Published: August 30,2025Prediction on Load model for future load profile of Electric Vehicle charging demand in Phnom Penh
Published: August 30,2025Economic Study on Integrating PV-DG with Grid-Tie: Case Study in Cambodia
Published: August 30,2025Techno-Economic Comparison of VRF and Water-cooled Chiller System at the Ministry of Tourism in Sihanouk Province, Cambodia
Published: August 30,2025Enhancing the Accuracy and Reliability of Docker Image Vulnerability Scanning Technology
-
1. Department of Information and Communication Engineering, Institute of Technology of Cambodia, Russian Federation Blvd., P.O. Box 86, Phnom Penh, Cambodia
Academic Editor:
Received: July 17,2023 / Revised: / Accepted: September 23,2023 / Available online: June 30,2024
With the growth of usage of Docker containers in the recent year, Vulnerability scanning is essential to scanning and detecting known flaws and vulnerabilities in that specific Docker image. Using a custom docker image with third-party libraries in our code base authenticity or knowing their flaws can cause a lot of trouble in the future. In this case, vulnerability scanning tools such as Clair, Trivy, Anchor Grype, and Snyk are used for detecting the known vulnerability of the used Docker image and its included library but one Docker image can show different results depending on which tools we use due to the different scanning techniques and different vulnerability databases with different information (CVE, NVD, RedHat) that they use. In this research, We will be focusing on building an architectural framework that improves the accuracy, and reliability of the vulnerability scanning tools with a local vulnerability database that we built using a commonly used method such as static analysis which scans by reading package name and version searching, matching known suspicious pattern or signature using a binary database. Another method of scanning is a binary analysis which includes spotting unknown suspicious properties with a predefined algorithm. Using a confusion matrix, we evaluate the vulnerability scanning tool with docker images using the ground truth vulnerabilities stored in our local vulnerability database which is enriched with vulnerability information that is improved each time a new image is scanned.