Vulnerability Analysis of Docker Hub Official Images and Verified Images

Vulnerability Analysis of Docker Hub Official Images and Verified Images

연구 분야: Software Development

학회: 2023 IEEE International Conference on Service-Oriented System Engineering (SOSE)

Container technology is gaining significant attention as compared to virtual machines due to an increase in the use of cloud computing and containers use fewer resources as compared to virtual machines. Docker is the most widely used container technology that helps in managing and running containers. Containers use images for execution that can be created with the help of a docker file or can be downloaded from various open-source repositories. Docker uses a Docker hub repository that consists of official and verified images. As containers share the host operating system, there is a need to monitor the security of the images. In this paper, we are analyzing the vulnerabilities in official and verified docker images with the help of open-source vulnerability detection tools such as anchore, aqua trivy, docker scan and jfrog xray. This paper helps in identifying which types of images are more secure based on the number of vulnerabilities and severity of vulnerabilities and whether the number of pulls and number of stars affects the number of vulnerabilities in images.