Methods for scanning Docker container images for security vulnerabilities
| dc.citation.epage | 43 | |
| dc.citation.issue | 2 | |
| dc.citation.journalTitle | Computer Systems and Networks | |
| dc.citation.spage | 35 | |
| dc.citation.volume | 6 | |
| dc.contributor.affiliation | Lviv Polytechnic National University | |
| dc.contributor.affiliation | Lviv Polytechnic National University | |
| dc.contributor.author | Дарієнко, Д. Г. | |
| dc.contributor.author | Когут, Н. М. | |
| dc.contributor.author | Drienko, D. | |
| dc.contributor.author | Kohut, N. | |
| dc.coverage.placename | Lviv | |
| dc.date.accessioned | 2025-12-11T11:15:28Z | |
| dc.date.created | 2024-10-10 | |
| dc.date.issued | 2024-10-10 | |
| dc.description.abstract | With the spread of containerized environments, security has become critical for application deployment. This article provides a comparative analysis of static and dynamic methods for scanning Docker container images. Static analysis is applied to detect potential vulnerabilities before a container is deployed, while dynamic analysis is performed in an isolated environment at runtime, ensuring the reliability of the product. The Trivy, JFrog Xray, Snyk and Docker Scout scanners are compared, highlighting their advantages, disadvantages and effectiveness under different conditions. Trivy was shown to find the most vulnerabilities among the scanners tested. Snyk and Xray give approximately the same results, but Xray additionally checks whether sensitive data such as passwords are encrypted. Docker Scout proved to be the weakest of the group; its only advantage is open access to results that can be analyzed without pulling the image to a server or to a developer's workstation. Particular attention is paid to static analysis because of its broader vulnerability coverage, which includes operating system packages as well as application dependencies. The article demonstrates how different scanners assign different criticality ratings to the same vulnerabilities and discusses why a large number of findings does not necessarily mean a high level of risk. Based on the analysis, criteria for choosing a scanner are proposed so that information leakage through unnoticed vulnerabilities can be avoided. | |
| dc.format.extent | 35-43 | |
| dc.format.pages | 9 | |
| dc.identifier.citation | Dariienko D. H. Methods for scanning Docker container images for security vulnerabilities / D. H. Dariienko, N. M. Kohut // Computer Systems and Networks. — Lviv : Lviv Polytechnic Publishing House, 2024. — Vol. 6. — No. 2. — P. 35–43. | |
| dc.identifier.citation2015 | Dariienko D. H., Kohut N. M. Methods for scanning Docker container images for security vulnerabilities // Computer Systems and Networks, Lviv. 2024. Vol. 6. No. 2. P. 35–43. | |
| dc.identifier.citationenAPA | Drienko, D., & Kohut, N. (2024). Metody skanuvannia obrazu docker konteineriv na predmet vrazlyvostei bezpeky [Docker container image scanning methods on the subject of security vulnerabilities]. Computer Systems and Networks, 6(2), 35-43. Lviv Politechnic Publishing House. [in Ukrainian]. | |
| dc.identifier.citationenCHICAGO | Drienko D., Kohut N. (2024) Metody skanuvannia obrazu docker konteineriv na predmet vrazlyvostei bezpeky [Docker container image scanning methods on the subject of security vulnerabilities]. Computer Systems and Networks (Lviv), vol. 6, no 2, pp. 35-43 [in Ukrainian]. | |
| dc.identifier.doi | https://doi.org/10.23939/csn2024.02.035 | |
| dc.identifier.uri | https://ena.lpnu.ua/handle/ntb/123991 | |
| dc.language.iso | uk | |
| dc.publisher | Lviv Polytechnic Publishing House | |
| dc.relation.ispartof | Computer Systems and Networks, 2 (6), 2024 | |
| dc.relation.references | 1. Ahmed A. and Pierre G. "Docker-pi: Docker container deployment in fog computing infrastructures," International Journal of Cloud Computing, vol. 1, no. 6, 2019. DOI: 10.1109/EDGE.2018.00008 | |
| dc.relation.references | 2. Alyas T., Ali S., Khan H., Samad A., Alissa K. and Saleem M. "Container Performance and Vulnerability Management for Container Security Using Docker Engine," Security and Communication Networks, 2022. DOI: 10.1155/2022/6819002 | |
| dc.relation.references | 3. Jain V., Singh B., Khenwar M. and Sharma M. "Static Vulnerability Analysis of Docker Images," in IOP Conference Series: Materials Science and Engineering, Jaipur, India, 2021. DOI: 10.1088/1757-899X/1131/1/012018 | |
| dc.relation.references | 4. Efe A., Aslan U. and Kara A. "Securing Vulnerabilities in Docker Images," International Journal of Innovative Engineering Applications, vol. 4, pp. 31-39, 2020. DOI: 10.46460/ijiea.617181 | |
| dc.relation.references | 5. "Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities," Banyan Security blog, [Online]. Available: https://www.banyansecurity.io/blog/over-30-of-official-images-in-docker-hub-contain-highpriority-security-vulnerabilities/ (Accessed: 18 March 2024) | |
| dc.relation.references | 6. Martin R. A. "Managing vulnerabilities in networked systems," Computer, vol. 34, no. 11, pp. 32-38, Nov. 2001. DOI: 10.1109/2.963441 | |
| dc.relation.references | 7. Docker, Inc., "Overview of Docker Desktop," [Online]. Available: https://docs.docker.com/desktop/ (Accessed: 18 March 2024) | |
| dc.relation.references | 8. Hashemi-Pour C., Bigelow S. J. and Courtemanche M. "Definition: Docker," TechTarget, [Online]. Available: https://www.techtarget.com/searchitoperations/definition/Docker/ (Accessed: 18 March 2024) | |
| dc.relation.references | 9. "Five Security Concerns When Using Docker," O'Reilly, [Online]. Available: https://www.oreilly.com/ideas/five-security-concerns-when-using-docker (Accessed: 18 March 2024) | |
| dc.relation.references | 10. Aqua Security Software Ltd., "Data Sources - Trivy," [Online]. Available: https://aquasecurity.github.io/trivy/v0.32/docs/vulnerability/detection/data-source/ (Accessed: 18 March 2024) | |
| dc.relation.references | 11. Aqua Security Software Ltd., "Data Sources - Trivy," [Online]. Available: https://aquasecurity.github.io/trivy/v0.32/docs/vulnerability/detection/data-source/ (Accessed: 18 March 2024) | |
| dc.relation.references | 12. Canonical Ltd., "CVE reports," [Online]. Available: https://ubuntu.com/security/cves/ (Accessed: 18 March 2024) | |
| dc.relation.references | 13. Amazon Web Services, Inc., "Amazon Linux Security Center," [Online]. Available: https://alas.aws.amazon.com/ (Accessed: 18 March 2024) | |
| dc.relation.references | 14. Doan P. and Jung S. "DAVS: Dockerfile Analysis for Container Image Vulnerability Scanning," Computers, Materials & Continua, vol. 72, no. 1, pp. 1699-1711, 2022. DOI: 10.32604/cmc.2022.025096 | |
| dc.relation.references | 15. Ugale S. and Potgantwar A. "Container Security in Cloud Environments: A Comprehensive Analysis and Future Directions for DevSecOps," in RAiSE, Woodhouse, Leeds, 2023. DOI: 10.3390/engproc2023059057 | |
| dc.relation.references | 16. Huang D., Cui H., Wen S. and Huang C. "Security Analysis and Threats Detection Techniques on Docker Container," 2019 IEEE 5th International Conference on Computer and Communications (ICCC), Chengdu, China, 2019, pp. 1214-1220. DOI: 10.1109/ICCC47050.2019.9064441 | |
| dc.relation.references | 17. Brady K., Moon S., Nguyen T. and Coffman J. "Docker Container Security in Cloud Computing," 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2020, pp. 0975-0980. DOI: 10.1109/CCWC47524.2020.9031195 | |
| dc.relation.references | 18. JFrog Ltd., "JFrog Artifactory," [Online]. Available: https://jfrog.com/artifactory/ (Accessed: 18 March 2024) | |
| dc.relation.references | 19. JFrog Ltd., "JFrog Xray," [Online]. Available: https://jfrog.com/help/r/get-started-with-thejfrog-platform/jfrog-xray (Accessed: 18 March 2024) | |
| dc.relation.references | 20. Aqua Security Software Ltd., "Trivy Documentation," [Online]. Available: https://aquasecurity.github.io/trivy/v0.49/ (Accessed: 18 March 2024) | |
| dc.relation.references | 21. Snyk Limited, "Snyk Vulnerability Database," [Online]. Available: https://security.snyk.io/ (Accessed: 18 March 2024) | |
| dc.relation.references | 22. Docker, Inc., "Docker Hub," [Online]. Available: https://hub.docker.com/ (Accessed: 18 March 2024) | |
| dc.relation.references | 23. Red Hat, Inc., "CVE-2023-24538," [Online]. Available: https://access.redhat.com/security/cve/cve-2023-24538 (Accessed: 18 March 2024) | |
| dc.relation.uri | https://www.banyansecurity.io/blog/over-30-of-official-images-in-docker-hub-contain-highpriority- | |
| dc.relation.uri | https://docs.docker.com/desktop/ | |
| dc.relation.uri | https://www.techtarget.com/searchitoperations/definition/Docker/ | |
| dc.relation.uri | https://www.oreilly.com/ideas/five-security-concerns-when-using-docker | |
| dc.relation.uri | https://aquasecurity.github.io/trivy/v0.32/docs/vulnerability/detection/data-source/ | |
| dc.relation.uri | https://ubuntu.com/security/cves/ | |
| dc.relation.uri | https://alas.aws.amazon.com/ | |
| dc.relation.uri | https://jfrog.com/artifactory/ | |
| dc.relation.uri | https://jfrog.com/help/r/get-started-with-thejfrog-platform/jfrog-xray | |
| dc.relation.uri | https://aquasecurity.github.io/trivy/v0.49/ | |
| dc.relation.uri | https://security.snyk.io/ | |
| dc.relation.uri | https://hub.docker.com/ | |
| dc.relation.uri | https://access.redhat.com/security/cve/cve-2023-24538 | |
| dc.rights.holder | © Lviv Polytechnic National University, 2024 | |
| dc.rights.holder | © Dariienko D. H., Kohut N. M., 2024 | |
| dc.subject | information protection | |
| dc.subject | cybersecurity | |
| dc.subject | container | |
| dc.subject | docker | |
| dc.subject | scanning | |
| dc.subject | security vulnerability | |
| dc.subject.udc | 004.75 | |
| dc.subject.udc | 004.8 | |
| dc.title | Methods for scanning Docker container images for security vulnerabilities | |
| dc.title.alternative | Docker container image scanning methods on the subject of security vulnerabilities | |
| dc.type | Article |
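The abstract above compares scanners by how many vulnerabilities they report, notes that the same CVE can receive a different criticality rating from different tools, and stresses that a large count does not by itself mean high risk. The following Python script is an added example, not code from the paper or from any of the scanners it compares: it normalizes a Trivy-style JSON report (the shape produced by `trivy image --format json`) and a second scanner's report into one structure keyed by CVE ID, reports which CVEs only one tool found and where the two ratings disagree, and then reduces the merged set to the findings a team can actually act on (fixable, at or above a severity threshold). The two reports, the image name, the package versions and the CVE IDs are constructed for the example; the second scanner's flat schema is hypothetical and is not the real Snyk, Xray or Docker Scout output format.

```python
"""Cross-scanner triage of Docker image vulnerability reports.

Added example, not code from the paper: normalizes a Trivy-style JSON report
and a second scanner's report to one shape keyed by CVE ID, compares coverage
and severity ratings, and filters the merged result down to actionable items.
"""
import json
from collections import Counter

# Constructed Trivy-style report, shaped like `trivy image --format json` output.
# Image name, packages, versions and CVE IDs are invented for this example.
TRIVY_REPORT = json.dumps({
    "Results": [
        {"Target": "example.test/app:1.0 (debian 12.5)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
              "InstalledVersion": "3.0.11-1", "FixedVersion": "3.0.13-1", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libc6",
              "InstalledVersion": "2.36-9", "FixedVersion": "", "Severity": "MEDIUM"},
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib1g",
              "InstalledVersion": "1.2.13", "FixedVersion": "", "Severity": "LOW"}]},
        {"Target": "app/requirements.txt", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0004", "PkgName": "requests",
              "InstalledVersion": "2.25.0", "FixedVersion": "2.31.0", "Severity": "CRITICAL"}]},
    ]
})

# Constructed report from a second scanner in a hypothetical flat schema; this is
# not the real Snyk, Xray or Docker Scout output format.
OTHER_REPORT = json.dumps({
    "issues": [
        {"id": "CVE-0000-0001", "package": "libssl3", "severity": "critical", "fixed_in": "3.0.13-1"},
        {"id": "CVE-0000-0004", "package": "requests", "severity": "high", "fixed_in": "2.31.0"},
        {"id": "CVE-0000-0005", "package": "requests", "severity": "medium", "fixed_in": None},
    ]
})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def normalize_trivy(raw):
    """Flatten a Trivy JSON report into {cve: {pkg, severity, fixed}}."""
    findings = {}
    for result in json.loads(raw).get("Results", []):
        # Trivy emits null rather than [] for a target with no findings.
        for vuln in result.get("Vulnerabilities") or []:
            findings[vuln["VulnerabilityID"]] = {
                "pkg": vuln["PkgName"],
                "severity": vuln.get("Severity", "UNKNOWN").upper(),
                "fixed": bool(vuln.get("FixedVersion")),
            }
    return findings


def normalize_other(raw):
    """Flatten the hypothetical second-scanner report into the same shape."""
    findings = {}
    for issue in json.loads(raw).get("issues", []):
        findings[issue["id"]] = {
            "pkg": issue["package"],
            "severity": issue.get("severity", "unknown").upper(),
            "fixed": bool(issue.get("fixed_in")),
        }
    return findings


def compare(a, b):
    """Coverage gap in each direction plus CVEs the two scanners rate differently."""
    shared = set(a) & set(b)
    return {
        "only_a": sorted(set(a) - set(b)),
        "only_b": sorted(set(b) - set(a)),
        "disagreements": {cve: (a[cve]["severity"], b[cve]["severity"])
                          for cve in sorted(shared) if a[cve]["severity"] != b[cve]["severity"]},
    }


def merge(a, b):
    """Union of both reports; on a rating conflict keep the higher severity,
    and treat a CVE as fixable if either scanner knows a fixed version."""
    merged = {}
    for report in (a, b):
        for cve, finding in report.items():
            current = merged.get(cve)
            if current is None or SEVERITY_RANK[finding["severity"]] > SEVERITY_RANK[current["severity"]]:
                merged[cve] = dict(finding)
            if current is not None:
                merged[cve]["fixed"] = current["fixed"] or finding["fixed"]
    return merged


def actionable(findings, min_severity="HIGH"):
    """Raw counts overstate risk: keep only findings at or above min_severity
    that have a fixed version, i.e. what a developer can patch today."""
    threshold = SEVERITY_RANK[min_severity]
    return sorted(cve for cve, f in findings.items()
                  if f["fixed"] and SEVERITY_RANK[f["severity"]] >= threshold)


def severity_counts(findings):
    """Histogram of ratings, the figure most dashboards headline."""
    return Counter(f["severity"] for f in findings.values())


if __name__ == "__main__":
    trivy, other = normalize_trivy(TRIVY_REPORT), normalize_other(OTHER_REPORT)
    print("trivy counts:", dict(severity_counts(trivy)))
    print("comparison:", compare(trivy, other))
    print("actionable (merged):", actionable(merge(trivy, other)))
```

The `actionable` filter does after the fact what `trivy image --severity HIGH,CRITICAL --ignore-unfixed` does at scan time; applying it to the merged set instead keeps the unfixed and low-rated findings on record for inventory, while the `disagreements` output makes the rating differences the abstract describes visible instead of letting one tool's label win silently.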