
Container mirror image security detection method, terminal equipment and storage medium

A container image security detection technology, applied in computer security devices, instruments, software deployment and similar fields. It addresses insufficient detection of the data in an image and the resulting inability to meet container security usage scenarios, and improves the level of security protection.

Active Publication Date: 2021-07-27
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] To solve the above problems, the present invention proposes a container image security detection method, a terminal device and a storage medium. They address the problem that mainstream container image scanning software detects the data in an image insufficiently and therefore cannot meet the needs of actual container security usage scenarios.


Examples


Embodiment 1

[0023] This embodiment of the present invention provides a container image security detection method. As shown in Figure 1, the method includes the following steps:

[0024] S1: Scan the image for software packages, classify the scanned software packages, and determine the type of technology stack used.

[0025] Software packages are classified according to the file name and file suffix of each file belonging to the package. The classification result is the type of technology stack the package belongs to, for example a type with Java as the main service or a type with PHP as the main service. Each type has its own pre-established vulnerability detection rules. Through targeted vulnerability detection, it is possible to detect sensitive information (password leakage, unobfuscated web source code), viruses, Trojan horses, web backdoors and other security risks that cannot be detected by convention...

Embodiment 2

[0044] The present invention also provides a container image security detection terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, the steps of the method in Embodiment 1 of the present invention are carried out.


Abstract

The invention relates to a container image security detection method, terminal equipment and a storage medium. The method comprises the following steps: S1, scanning the image for software packages, classifying the scanned software packages, and determining the type of technology stack they use; S2, according to the classification result, performing vulnerability detection on each software package with the vulnerability detection rules corresponding to its classification; S3, reading the data of the software package management tool in the image to obtain the paths of all installation files related to the software packages; S4, using the path set formed by the paths of all installation files related to the software packages, performing reverse filtering in the image to find all files that do not belong to the path set, and applying the general vulnerability detection rules to all files found. The method solves the problem that mainstream container image scanning software detects the data in an image insufficiently and therefore cannot meet the requirements of actual container security usage scenarios.
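Steps S3 and S4 of the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes the image has already been extracted to a directory and that the package manager is dpkg (the page names neither), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

DPKG_INFO = "var/lib/dpkg/info"  # assumption: Debian-style image; the page names no package manager


def package_owned_paths(rootfs: Path) -> set[str]:
    """S3: collect every path the package manager records as installed."""
    owned = set()
    for listing in (rootfs / DPKG_INFO).glob("*.list"):
        for line in listing.read_text(errors="replace").splitlines():
            if line.strip():
                owned.add(os.path.normpath(line.strip()))
    return owned


def unowned_files(rootfs: Path) -> list[str]:
    """S4: reverse filter, returning files in the image that no package claims."""
    owned = package_owned_paths(rootfs)
    found = []
    # os.walk does not descend into symlinked directories, so the walk stays inside rootfs.
    for dirpath, _dirnames, filenames in os.walk(rootfs):
        for name in filenames:
            rel = "/" + (Path(dirpath) / name).relative_to(rootfs).as_posix()
            # The package database is deliberately not excluded: it is unowned too.
            if rel not in owned:
                found.append(rel)
    return sorted(found)  # hand these to the general detection rules


def build_sample_rootfs(base: Path) -> Path:
    """Constructed sample: one packaged binary plus two files added outside dpkg."""
    files = {
        "usr/bin/curl": "constructed placeholder binary",
        "var/lib/dpkg/info/curl.list": "/.\n/usr\n/usr/bin\n/usr/bin/curl\n",
        "var/www/html/upload.php": "<?php /* constructed */ ?>",
        "root/.env": "DB_PASSWORD=constructed-value\n",
    }
    for rel, body in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in unowned_files(build_sample_rootfs(Path(tmp))):
            print("unowned:", path)
```

The package database file itself appears in the result because no package owns it; treating that directory as exempt would leave a place for files to escape the general rules.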

Description

Technical field

[0001] The present invention relates to the field of container images, in particular to a container image security detection method, a terminal device and a storage medium.

Background technique

[0002] With the widespread application of container technology, more and more software is deployed in containers. Most of the images used by these containers come from image repositories on the Internet, and these repositories do not guarantee the security of the images. In this situation, it is easy to introduce unsafe images, which threaten the security of the underlying system.

[0003] Most Docker images depend on different versions of operating system base images. As time goes by, various versions of software will expose some vulnerabilities, but the images are not updated immediately. At the same time, some individuals or organizations will create images containing specific software vulnerabilities for various purposes, and put ...


Application Information

IPC(8): G06F21/56, G06F21/57, G06F8/61
CPC: G06F21/562, G06F21/577, G06F8/63
Inventor: 付志波, 陈奋, 陈荣有, 孙晓波, 龚利军
Owner XIAMEN FUYUN INFORMATION TECH CO LTD