Latest Issue
Effect of Different Irrigation Methods on Water Use Efficiency in Rice Soil Column Test
Published: April 30,2025Optimization of Extraction Condition for Oleoresin from Red Pepper Residues
Published: April 30,2025Effect of microwave pretreatment method on essential oil extraction on key lime peel (Citrus × aurantiifolia)
Published: April 30,2025Reducing traffic congestion during flyover construction: A case study of flyover construction at the intersection 2004, Phnom Penh, Cambodia
Published: April 30,2025Effects of Different Bleaching Conditions on Bleaching Efficiency and Physicochemical Characteristics of Cambodian Soybean Oil
Published: April 30,2025Bus Arrival Time Prediction Using Machine Learning Approaches
Published: April 30,2025A Deep Learning Approach for Identifying Individuals Based on Their Handwriting
Published: April 30,2025Utilizing Data Mining And AI To Enhance Cambodian High School Student Performance And Stakeholder Success
Published: April 30,2025Khmer Question-Answering Model by Fine-tuning Pre-trained Model
Published: April 30,2025CNN-based Reinforcement Learning with Policy Gradient for Khmer Chess
Published: April 30,2025Enhancing the Accuracy and Reliability of Docker Image Vulnerability Scanning Technology
-
1. Department of Information and Communication Engineering, Institute of Technology of Cambodia, Russian Federation Blvd., P.O. Box 86, Phnom Penh, Cambodia
Academic Editor:
Received: July 17,2023 / Revised: / Accepted: September 23,2023 / Available online: June 30,2024
With the growth of usage of Docker containers in the recent year, Vulnerability scanning is essential to scanning and detecting known flaws and vulnerabilities in that specific Docker image. Using a custom docker image with third-party libraries in our code base authenticity or knowing their flaws can cause a lot of trouble in the future. In this case, vulnerability scanning tools such as Clair, Trivy, Anchor Grype, and Snyk are used for detecting the known vulnerability of the used Docker image and its included library but one Docker image can show different results depending on which tools we use due to the different scanning techniques and different vulnerability databases with different information (CVE, NVD, RedHat) that they use. In this research, We will be focusing on building an architectural framework that improves the accuracy, and reliability of the vulnerability scanning tools with a local vulnerability database that we built using a commonly used method such as static analysis which scans by reading package name and version searching, matching known suspicious pattern or signature using a binary database. Another method of scanning is a binary analysis which includes spotting unknown suspicious properties with a predefined algorithm. Using a confusion matrix, we evaluate the vulnerability scanning tool with docker images using the ground truth vulnerabilities stored in our local vulnerability database which is enriched with vulnerability information that is improved each time a new image is scanned.