With the growing use of cloud computing and need for resource effectiveness, the use of container technology has increased compared to virtual machines. This is since containers require fewer resources and are significantly faster to start up. A popular containerplatform is Docker which lets users manage and run containers. The containers are run from images that can be downloaded from different sources, Docker Hub being a popular choice. Because of container technology sharing the OS-kernel with the host, there is a great need to increase and monitor the security of containers and the images they are run from. To find vulnerabilities in images, there are image scanning tools available. In this dissertation, we study 5 different image scanning tools and their performance. Twentyfive random images were selected from popular images on Docker Hub and were then scanned for vulnerabilities with the tools in the study. We aimed to answer the following questions: (1) Are there any clear differences between the number of vulnerabilities found by different image vulnerability scanning tools? (2) Are there any differences between the types of vulnerabilities found by different image vulnerability scanning tools? (3) What is the relative effectiveness of different image vulnerability scanning tools? The results show that there are considerable differences between different container image scanning tools regarding the number of found vulnerabilities. We also found that there were differences regarding the severity-grading of found vulnerabilities between the tested tools. When using our proposed metric for calculation of relative effectiveness, we discovered that the tool with the highest relative effectiveness could still miss approximately 39 percent of the vulnerabilities in images. The tool with the lowest relative effectiveness could miss approximately 77 percent of the vulnerabilities in images.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:du-41795 |
Date | January 2022 |
Creators | Andersson, Michael, Hysing Berg, Robert |
Publisher | Högskolan Dalarna, Institutionen för information och teknik |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0021 seconds