A container vulnerability scanning method and device

By generating a list of detection items based on host process information and combining it with local network address scanning, this technology solves the problem that existing technologies cannot detect vulnerabilities caused by configuration modifications after a container is running, thus achieving efficient and accurate container vulnerability scanning.

CN114444082B · Active · Publication Date: 2026-06-12 · CHINA TELECOM CLOUD TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents (China)
Current Assignee / Owner
CHINA TELECOM CLOUD TECH CO LTD
Filing Date
2021-12-27
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

Existing container vulnerability scanning methods cannot detect application risks and weak passwords caused by configuration modifications after the container is running, and external network scanning is time-consuming.

Method used

By determining the information of the software application based on the process information of the host machine corresponding to the container to be detected, a list of detection items is generated, and vulnerability scanning is performed based on the local absolute path and network address of the host machine. The results are then summarized to improve scanning efficiency and accuracy.

Benefits of technology

It shortens container vulnerability scanning time, improves the comprehensiveness and accuracy of scan results, and can detect vulnerabilities caused by configuration modifications after the container is running.

Generated by Eureka AI based on patent content.


Abstract

The application provides a container vulnerability scanning method and device, and the method comprises the following steps: determining software information of a software application in a to-be-detected container according to process information of a host computer corresponding to the to-be-detected container; determining a detection item list corresponding to the software application according to the software information; and performing vulnerability scanning on the to-be-detected container according to the detection item list to obtain a vulnerability scanning result. Through the execution of the application, the detection item list corresponding to the software application is determined according to the software information of the software application in the to-be-detected container, and only the detection item list needs to be scanned when performing the vulnerability scanning, without scanning all vulnerability risk detection items, so that the time of container vulnerability scanning can be shortened. The scanning result is obtained by summarizing the network scanning result and the local scanning result, and the comprehensiveness and accuracy of the container vulnerability scanning result are improved.

Description

Technical Field

[0001] This invention belongs to the field of network security, and specifically relates to a container vulnerability scanning method and apparatus.

Background Technology

[0002] Security vulnerabilities refer to flaws in the logical design or errors in the programming of application or operating system software. These flaws or errors can be exploited by malicious actors or hackers to attack or control the entire host by implanting Trojans, viruses, or other malicious software, thereby stealing important data and information stored on the host, or even destroying the entire system. In a native environment, where business operations are broken down into individual container instances for external service, timely and targeted vulnerability scans are even more crucial to mitigate potential security risks.

[0003] Currently, there are two common container vulnerability scanning methods. The first is image scanning, which involves obtaining the container image and parsing the software applications it contains; the software name and version are obtained and matched against the corresponding vulnerability database. This method cannot detect application risks caused by changes in configuration after the container is running, weak passwords, and other such vulnerabilities. The second is external network scanning, which involves scanning the container through an external scanner if the container instance provides external access. This method requires scanning the container according to all detection items, which takes a long time.

Summary of the Invention

[0004] Therefore, in view of the problems in the prior art, the present invention provides a container vulnerability scanning method and apparatus to solve the problems existing in the prior art.

[0005] In a first aspect, the present invention provides a container vulnerability scanning method, comprising: determining software information of a software application in the container to be detected based on process information of the host machine corresponding to the container to be detected; determining a list of detection items corresponding to the software application based on the software information; and performing vulnerability scanning on the container to be detected according to the list of detection items to obtain vulnerability scanning results.

[0006] Optionally, in the container vulnerability scanning method provided by the present invention, determining the software information of the software application in the container to be detected based on the process information of the host machine corresponding to the container to be detected includes: obtaining the process information of the host machine corresponding to the container to be detected; determining the process name and process parameters corresponding to the software application based on the process information; and determining the software information corresponding to the process name and process parameters in the local information cache.

[0007] Optionally, in the container vulnerability scanning method provided by this invention, vulnerability scanning is performed on the container to be tested according to the detection item list to obtain vulnerability scanning results, including: determining the container instance information of the container to be tested; determining the network address of the host machine corresponding to the container to be tested and the local absolute path of the application software in the container to be tested on the host machine based on the container instance information; performing a local vulnerability scan on the container to be tested according to the detection item list based on the local absolute path to obtain local scan results; performing a network vulnerability scan on the container to be tested according to the detection item list based on the network address to obtain network scan results; and summarizing the local scan results and the network scan results to obtain vulnerability scanning results.

[0008] Optionally, in the container vulnerability scanning method provided by the present invention, determining the network address of the host machine corresponding to the container to be detected based on the container instance information includes: determining the network mode of the container instance based on the container instance information; if the network mode of the container instance is not the host network mode, using the container instance identifier of the container instance to determine the network address of the host machine corresponding to the container to be detected.

[0009] Optionally, in the container vulnerability scanning method provided by the present invention, determining the local absolute path of the application software in the container to be detected on the host machine based on the container instance information includes: obtaining the actual working directory mapped by the software application on the host machine based on the container instance information; concatenating the working directory with the process path of the software application to obtain the local absolute path of the application software on the host machine.

[0010] Optionally, in the container vulnerability scanning method provided by the present invention, determining the list of detection items corresponding to the software application based on the software information includes: determining the software application type and software application version in the software information; performing a matching scan in the local vulnerability database based on the software application type and software application version to obtain the list of detection items corresponding to the software application.

[0011] Optionally, in the container vulnerability scanning method provided by the present invention, a local vulnerability scan is performed on the container to be scanned based on the local absolute path and according to the detection item list to obtain the local scan results, including: obtaining the configuration file corresponding to the software application based on the local absolute path; and detecting the configuration file according to the detection item list to obtain the local scan results.

[0012] Secondly, the present invention provides a vulnerability scanning device, comprising: a data acquisition module, used to determine the software information of a software application in the container to be detected based on the process information of the host machine corresponding to the container to be detected; a data retrieval module, used to determine a list of detection items corresponding to the software application based on the software information; and a vulnerability scanning module, used to perform vulnerability scanning on the container to be detected according to the list of detection items, and obtain vulnerability scanning results.

[0013] Thirdly, the present invention provides a computer-readable storage medium that stores computer instructions which are executed by a processor to implement a container vulnerability scanning method.

[0014] Fourthly, the present invention provides a computer device comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to perform a container vulnerability scanning method.

[0015] The technical solution of this invention has the following advantages:

[0016] 1. This invention determines the software information of the software application in the container to be tested based on the process information of the host machine corresponding to the container to be tested, and determines the list of detection items corresponding to the software application based on the software information of the software application in the container to be tested. When performing vulnerability scanning, only the list of detection items needs to be scanned, and there is no need to scan all vulnerability risk detection items, which can shorten the time of the entire container vulnerability scanning.

[0017] 2. This invention performs vulnerability scanning of software applications in the container to be detected based on the local absolute path and network address of the host machine, and combines the local scan results and network scan results to obtain the scan results, thereby improving the comprehensiveness and accuracy of container vulnerability scanning results.

Attached Figure Description

[0018] To more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the specific embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.

[0019] Figure 1 is a flowchart of a specific example of the container vulnerability scanning method in an embodiment of the present invention;

[0020] Figure 2 is a schematic diagram of a specific example of the container vulnerability scanning device in an embodiment of the present invention;

[0021] Figure 3 is a schematic diagram of a specific example of a computer device in an embodiment of the present invention.

Detailed Implementation

[0022] The technical solution of the present invention will now be clearly and completely described with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0023] Unless the context explicitly requires it, the words "comprising," "including," and similar terms throughout the specification and claims should be interpreted as encompassing rather than being exclusive or exhaustive; that is, meaning "including but not limited to."

[0024] In the description of this invention, it should be understood that the terms "first," "second," etc., are used for descriptive purposes only and should not be construed as indicating or implying relative importance. Furthermore, in the description of this invention, unless otherwise stated, "a plurality of" means two or more.

[0025] Furthermore, the technical features involved in the different embodiments of the present invention described below can be combined with each other as long as they do not conflict with each other.

[0026] This invention provides a container vulnerability scanning method which, as shown in Figure 1, includes:

[0027] Step S1: Determine the software information of the software application in the container to be detected based on the process information of the host machine corresponding to the container to be detected.

[0028] In one optional embodiment, the software information includes software application type and software application version, etc.

[0029] In one optional embodiment, the software application runs in a container to be tested, the container to be tested runs in a host machine, and the software information is determined by the process of the software application being executed on the host machine.

[0030] Step S2: Determine the list of detection items corresponding to the software application based on the software information.

[0031] In one optional embodiment, the list of detection items includes potential vulnerability risks of the software application. The potential vulnerability risks are not exactly the same for different software applications, so the list of detection items is different for different software applications.

[0032] In one optional embodiment, the detection item list corresponding to each software application is set according to historical experience. Different vulnerability risk items generated by different software applications are determined based on historical data. For a software application, the vulnerability risk items generated during the operation of the software application are integrated to form the detection item list corresponding to the software application.

[0033] In one optional embodiment, the list of detection items corresponding to each software application is set according to historical experience. Different vulnerability risk items generated by different software applications are determined based on historical data. Vulnerability risk items that occur more frequently than a preset frequency are integrated to form the list of detection items corresponding to the software application.

[0034] Step S3: Perform vulnerability scanning on the container to be tested according to the list of detection items, and obtain the vulnerability scanning results.

[0035] In one optional embodiment, the detection item list includes potential vulnerability risks of the software application. When performing a vulnerability scan on the container to be detected according to the detection item list, it is determined whether there are vulnerabilities in the container to be detected that correspond to the vulnerability risks recorded in the detection item list, thereby obtaining the vulnerability scan results.

[0036] In this embodiment of the invention, a list of detection items corresponding to the software application is determined based on the software information of the software application in the container to be detected. When performing vulnerability scanning, only the list of detection items needs to be scanned, and there is no need to scan all vulnerability risk detection items, which can shorten the time of the entire container vulnerability scanning.

[0037] In an optional embodiment, step S1 specifically includes:

[0038] First, obtain the process information of the host machine corresponding to the container to be detected.

[0039] In one optional embodiment, the process information of the host machine corresponding to the container to be detected includes the process information of the container engine itself and the process information of the software application.

[0040] Then, the process name and process parameters corresponding to the software application are determined based on the process information.

[0041] In one optional embodiment, the process information of the software application is obtained by excluding the process information of the container engine from the process information of the host machine. The process information of the software application includes the process name and process parameters corresponding to the software application.

[0042] Finally, the software information corresponding to the process name and process parameters is determined in the local information cache.

[0043] In one alternative embodiment, the software information includes the type and version of the software application.

[0044] In one optional embodiment, the local information cache and the cloud information cache contain information such as the type, process name, and process parameters of the software application. The process name and process parameters of the software application can determine a unique type. The process names and process parameters of the software application in the local information cache and the cloud information cache correspond one-to-one with the process names and process parameters of the software application in the container to be detected. By querying and matching the process names and process parameters of the software application in the container to be detected in the local information cache, the type of the software application can be obtained.

[0045] In one optional embodiment, if the type of the software application corresponding to the software application cannot be obtained in the local information cache, a query and matching is performed through the cloud information cache, and the obtained type of the software application is saved to the local information cache.

[0046] In one alternative embodiment, the version of the software application is determined based on the process file corresponding to the process of the software application.

[0047] In an alternative embodiment, the version of the software application may also be determined based on local configuration.

[0048] In an optional embodiment, step S2 specifically includes:

[0049] First, determine the software application type and version from the software information.

[0050] Then, a matching scan is performed in the local vulnerability database based on the software application type and version to obtain a list of detection items corresponding to the software application.

[0051] If the vulnerability risk check items corresponding to the type and version of the software application cannot be obtained from the local vulnerability database, a query and matching will be performed in the cloud vulnerability database, and the obtained vulnerability risk check items corresponding to the type and version of the software application will be saved to the local vulnerability database.

[0052] In one optional embodiment, the list of detection items corresponding to each software application is stored in a local vulnerability database and / or a cloud vulnerability database. The software information includes the type and version of the software application in the container to be detected. The local vulnerability database and the cloud vulnerability database contain a list of vulnerability risk check items classified according to the type and version of the software application. The type and version of the software application in the local vulnerability database and the cloud vulnerability database correspond one-to-one with the type and version of the software application in the container to be detected. The list of detection items corresponding to the software application can be determined through the software information.
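Steps S1 and S2 as a worked Python example, added here and not code from the patent or its assignee. Everything in it is constructed for illustration: the host process table, the set of container engine process names, the two-tier information caches, the two-tier vulnerability database, the version map (which stands in for reading the version out of each process's executable file) and the detection item identifiers. A real scanner would take these from the host's process table, the container engine and a curated vulnerability database.

```python
"""Steps S1 and S2 of the method (added example; not the patent's own code).
All tables below are constructed stand-ins for the host process list, the
information caches and the vulnerability database the patent describes."""
from collections import Counter
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class ProcessInfo:
    pid: int
    name: str                # executable name as seen on the host
    params: Tuple[str, ...]  # command-line parameters as seen on the host
    container_id: str        # empty for the host's own and the engine's processes


# Constructed host process table: engine processes mixed with container workloads.
HOST_PROCESSES = [
    ProcessInfo(1, "systemd", (), ""),
    ProcessInfo(812, "containerd", (), ""),
    ProcessInfo(1377, "containerd-shim-runc-v2", ("-namespace", "moby"), ""),
    ProcessInfo(1401, "redis-server", ("*:6379",), "c0ffee01"),
    ProcessInfo(1560, "java", ("-jar", "/app/service.jar"), "c0ffee02"),
    ProcessInfo(1702, "nginx", ("-g", "daemon off;"), "c0ffee03"),  # unknown to both caches
]
CONTAINER_ENGINE_NAMES = {"dockerd", "containerd", "containerd-shim-runc-v2", "runc"}

# Information caches: (process name, required parameter or None, software type).
# The local cache is deliberately incomplete so the cloud fallback is exercised.
LOCAL_INFO_CACHE = [("redis-server", None, "redis")]
CLOUD_INFO_CACHE = [("redis-server", None, "redis"), ("java", "-jar", "java-app")]

# Constructed stand-in for reading the version out of each process's executable file.
VERSIONS = {1401: "6.2", 1560: "17"}

# Vulnerability databases: (type, version) -> detection item ids (constructed ids).
LOCAL_VULN_DB = {("redis", "6.2"): ["CFG-NO-AUTH", "CFG-BIND-ALL"]}
CLOUD_VULN_DB = {("redis", "6.2"): ["CFG-NO-AUTH", "CFG-BIND-ALL"],
                 ("java-app", "17"): ["CFG-DEBUG-PORT"]}


def software_processes(processes):
    """Paragraph [0041]: drop the host's own and the container engine's
    processes so that only the containerised software applications remain."""
    return [p for p in processes
            if p.container_id and p.name not in CONTAINER_ENGINE_NAMES]


def match_cache(proc, cache):
    """Match (process name, process parameters) against one cache tier;
    returns the matching cache entry or None."""
    for entry in cache:
        name, param, _ = entry
        if proc.name == name and (param is None or param in proc.params):
            return entry
    return None


def software_info(proc, versions=VERSIONS,
                  local=LOCAL_INFO_CACHE, cloud=CLOUD_INFO_CACHE):
    """Step S1: process name and parameters -> (software type, version).
    The local cache is tried first; a cloud hit is written back locally
    (paragraph [0045]). None means the software could not be identified."""
    entry = match_cache(proc, local)
    if entry is None:
        entry = match_cache(proc, cloud)
        if entry is None:
            return None
        local.append(entry)  # persist the cloud answer for the next scan
    return entry[2], versions.get(proc.pid, "unknown")


def detection_items(sw_type, version, local=LOCAL_VULN_DB, cloud=CLOUD_VULN_DB):
    """Step S2 (paragraphs [0050]-[0051]): match type and version against the
    local vulnerability database, falling back to the cloud database and
    saving the answer locally. Only these items are scanned later."""
    key = (sw_type, version)
    items = local.get(key)
    if items is None:
        items = cloud.get(key)
        if items is not None:
            local[key] = items
    return list(items or [])


def build_detection_items(history, min_count):
    """Paragraph [0033]: derive a detection list from historical risk records,
    keeping the items that occurred at least `min_count` times."""
    counts = Counter(history)
    return sorted(item for item, n in counts.items() if n >= min_count)


def plan_scan(processes=HOST_PROCESSES):
    """S1 and S2 for every containerised process. Containers whose software
    cannot be identified are returned separately so the caller can apply the
    paragraph [0074] fallback (full scan over the host address and open ports)."""
    plan, unidentified = {}, []
    for proc in software_processes(processes):
        info = software_info(proc)
        if info is None:
            unidentified.append(proc.container_id)
            continue
        plan[proc.container_id] = detection_items(*info)
    return plan, unidentified


if __name__ == "__main__":
    print(plan_scan())
```

The two lookups share one shape (local tier, then cloud tier, then write-back), which is what keeps repeated scans of the same host local; the returned `unidentified` list is the branch the patent routes to a full scan rather than silently skipping the container.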

[0053] In an optional embodiment, step S3 specifically includes:

[0054] First, determine the container instance information of the container to be detected.

[0055] In an optional embodiment, the container instance information of the container to be detected can be determined by container system commands.

[0056] Secondly, based on the container instance information, determine the network address of the host machine corresponding to the container to be detected, as well as the local absolute path of the application software in the container to be detected on the host machine.

[0057] Next, based on the local absolute path, a local vulnerability scan is performed on the container to be scanned according to the list of detection items to obtain the local scan results.

[0058] Based on the network address, the container to be tested is scanned for network vulnerabilities according to the list of detection items, and the network scan results are obtained.

[0059] Finally, the local scan results and network scan results are combined to obtain the vulnerability scan results.

[0060] In an optional embodiment, the step of determining the network address of the host machine corresponding to the container to be detected based on the container instance information specifically includes:

[0061] First, determine the network mode of the container instance based on the container instance information.

[0062] Then, determine whether the network mode of the container instance is the host network mode. If the network mode of the container instance is not the host network mode, use the container instance identifier command to determine the network address of the host machine corresponding to the container to be detected.

[0063] In one optional embodiment, if the network mode of the container instance is host network mode, the local network address of the host machine corresponding to the container to be detected is obtained, and the local network address is determined as the network address of the host machine corresponding to the container to be detected.

[0064] In an optional embodiment, the step of determining the local absolute path of the application software in the container to be detected on the host machine based on the container instance information specifically includes:

[0065] First, obtain the actual working directory mapped by the software application on the host machine based on the container instance information.

[0066] In one alternative embodiment, the working directory actually mapped by the software application on the host machine is the path on the host machine at which the container to be detected is located.

[0067] Then, the working directory is concatenated with the process path of the software application to obtain the local absolute path of the application software on the host machine.

[0068] In one optional embodiment, the process path of the software application is obtained through the process PID of the system. Since the process path of the software application is the path of the software application relative to the container to be detected, and the working directory actually mapped by the software application on the host machine is the path of the container to be detected on the host machine, the local absolute path of the application software on the host machine can be obtained by concatenating the working directory with the process path of the software application.

[0069] In one optional embodiment, a local vulnerability scan is performed on the container to be scanned based on the local absolute path and according to the list of detection items, to obtain the local scan results, including:

[0070] First, obtain the configuration file corresponding to the software application based on the local absolute path.

[0071] In one alternative embodiment, the local absolute path is the location of the corresponding software application's configuration file on the host machine.

[0072] Then, the configuration file is checked according to the list of detection items to obtain the local scan results.

[0073] Since container configurations change after container execution, new vulnerabilities may arise in the configuration files corresponding to the software application. Image vulnerability scanning involves performing local vulnerability scanning on the container image before the container runs. The container image is the configuration file corresponding to the software application obtained before the container runs. Therefore, image vulnerability scanning cannot detect new vulnerabilities arising from modifications to the configuration file during container execution. In this embodiment of the invention, the local absolute path of the software application is determined based on the process information generated when the host machine runs the software application in the container to be tested. The configuration file is determined based on the local absolute path of the software application. That is, the configuration file obtained in this embodiment of the invention is the configuration file during the execution of the container to be tested. Therefore, by implementing this invention, vulnerabilities arising after the container runs can be detected.

[0074] In an optional embodiment, when performing step S1 above, if the software information of the software application in the container to be tested cannot be determined, the network address of the host machine corresponding to the container to be tested is determined first, and then a full scan of check items is performed based on the network address and open port connection.
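Step S3 as a worked Python example, added here and not code from the patent or its assignee. The container instance record stands in for the output of the container system commands and the container instance identifier command the patent refers to; the host-side root directory, the host's local address, the Redis-style configuration text and the detection item predicates are all constructed, and the network scan is represented by its result list so the example runs offline. The path concatenation of paragraphs [0065]–[0068] is shown together with the check a scanner should add to it: a process path containing `..` must not make the host-side scanner read a file outside the container's filesystem.

```python
"""Step S3 of the method (added example; not the patent's own code).
Instance record, host root, configuration text, detection item predicates
and network results are constructed stand-ins."""
import ipaddress
import os
from dataclasses import dataclass


@dataclass
class ContainerInstance:
    container_id: str
    network_mode: str   # "host", or a non-host mode such as "bridge"
    container_ip: str   # address the instance answers on when not in host mode
    host_root: str      # the container's filesystem as mapped on the host (its "working directory")


HOST_LOCAL_ADDRESS = "127.0.0.1"   # constructed: the host's own local address


def scan_address(inst, host_local=HOST_LOCAL_ADDRESS):
    """Paragraphs [0062]-[0063]: in host network mode the container shares the
    host's network stack, so the host's local address is scanned; otherwise the
    address recorded for the instance is used (the record stands in for the
    container instance identifier command)."""
    if inst.network_mode == "host":
        return host_local
    return str(ipaddress.ip_address(inst.container_ip))   # rejects malformed values


def host_absolute_path(inst, process_path):
    """Paragraphs [0065]-[0068]: the process path is relative to the container's
    root, and that root is mapped at host_root, so joining the two gives the
    host-side absolute path. The join is normalised and then required to stay
    under host_root so that a path with '..' cannot point outside the container."""
    root = os.path.realpath(inst.host_root)
    joined = os.path.normpath(os.path.join(root, process_path.lstrip("/")))
    if os.path.commonpath([root, joined]) != root:
        raise ValueError(f"process path escapes the container root: {process_path}")
    return joined


def parse_config(text):
    """Parse a Redis-style 'directive value' file, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            cfg[key] = value.strip()
    return cfg


# Constructed detection items: id -> predicate that is True when the risk is present.
DETECTION_ITEMS = {
    "CFG-NO-AUTH": lambda cfg: "requirepass" not in cfg,
    "CFG-BIND-ALL": lambda cfg: (cfg.get("bind") or "0.0.0.0").split()[0] in ("0.0.0.0", "*"),
    "CFG-PROTECTED-OFF": lambda cfg: cfg.get("protected-mode", "yes") == "no",
}

# Constructed configuration as read from the running container's filesystem,
# and the same file after the operator has hardened it.
RUNNING_CONFIG = """\
# captured after the container started; differs from what the image shipped
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONFIG = """\
bind 127.0.0.1
protected-mode yes
requirepass PLACEHOLDER_STRONG_SECRET
"""


def local_scan(config_text, item_ids, items=DETECTION_ITEMS):
    """Paragraphs [0070]-[0072]: run only the listed detection items over the
    running container's configuration file; unknown ids are skipped."""
    cfg = parse_config(config_text)
    return [{"item": i, "source": "local"}
            for i in item_ids if i in items and items[i](cfg)]


def summarize(local_results, network_results):
    """Paragraph [0059]: merge both result sets into one finding per item id,
    recording which scan(s) observed it."""
    merged = {}
    for r in local_results + network_results:
        entry = merged.setdefault(r["item"], {"item": r["item"], "sources": set()})
        entry["sources"].add(r["source"])
    return sorted(merged.values(), key=lambda e: e["item"])


def scan_container(inst, process_path, item_ids, config_text, network_results):
    """Step S3 end to end; network_results stands in for the network scan."""
    return {
        "address": scan_address(inst),
        "config_path": host_absolute_path(inst, process_path),
        "findings": summarize(local_scan(config_text, item_ids), network_results),
    }
```

Because the configuration is read from the container's host-side path while it runs, the `RUNNING_CONFIG` findings appear even though an image scan of the original file would report nothing; the `HARDENED_CONFIG` variant yields no findings for the same detection list.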

[0075] This invention provides a container vulnerability scanning device which, as shown in Figure 2, includes:

[0076] Data acquisition module 1 is used to determine the software information of the software application in the container to be detected based on the process information of the host machine corresponding to the container to be detected. For details, please refer to the description of step S1 in the above method embodiment, which will not be repeated here.

[0077] Data retrieval module 2 is used to determine the list of detection items corresponding to the software application based on the software information. For details, please refer to the description of step S2 in the above method embodiment, which will not be repeated here.

[0078] Vulnerability scanning module 3 is used to perform vulnerability scanning on the container to be tested according to the list of detection items and obtain vulnerability scanning results. For details, please refer to the description of step S3 in the above method embodiment, which will not be repeated here.

[0079] For specific limitations and beneficial effects regarding a container vulnerability scanning device, please refer to the limitations of the container vulnerability scanning method above, which will not be repeated here. Each module in the aforementioned container vulnerability scanning device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in an electronic device, or stored in the memory of an electronic device in software form, so that the processor can call and execute the operations corresponding to each module.

[0080] This invention also provides a non-transitory computer storage medium storing computer-executable instructions that can execute the container vulnerability scanning method in any of the above method embodiments. The storage medium can be a magnetic disk, optical disk, read-only memory (ROM), random access memory (RAM), flash memory, hard disk drive (HDD), or solid-state drive (SSD), etc.; the storage medium may also include combinations of the above types of memory.

[0081] This invention also provides a computer device which, as shown in Figure 3, may include at least one processor 31, at least one communication interface 32, at least one communication bus 33, and at least one memory 34. The communication interface 32 may include a display screen and a keyboard; optionally, the communication interface 32 may also include a standard wired interface or a wireless interface. The memory 34 may be high-speed RAM (Random Access Memory) or non-volatile memory, such as at least one disk drive. Optionally, the memory 34 may also be at least one storage device located remotely from the aforementioned processor 31. The memory 34 stores application programs, and the processor 31 calls the program code stored in the memory 34 to execute the steps of any of the above embodiments of the invention.

[0082] The communication bus 33 can be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc. The communication bus 33 can be divided into an address bus, a data bus, a control bus, etc. For ease of representation, the bus is drawn in Figure 3 as a single thick line, but this does not mean that there is only one bus or one type of bus.

[0083] The memory 34 may include volatile memory, such as random-access memory (RAM); the memory may also include non-volatile memory, such as flash memory, hard disk drive (HDD) or solid-state drive (SSD); the memory 34 may also include a combination of the above types of memory.

[0084] The processor 31 can be a central processing unit (CPU), a network processor (NP), or a combination of CPU and NP.

[0085] The processor 31 may further include a hardware chip. This hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.

[0086] Optionally, memory 34 is also used to store program instructions. Processor 31 can invoke the program instructions to implement the container vulnerability scanning method of the embodiment shown in Figure 1.

Claims

1. A container vulnerability scanning method, characterized in that, include: The software information of the software application in the container to be tested is determined based on the process information of the host machine corresponding to the container to be tested. Determine the list of detection items corresponding to the software application based on the software information; The container to be tested is scanned for vulnerabilities according to the list of detection items, and the vulnerability scan results are obtained. Specifically, the container to be tested is scanned for vulnerabilities according to the list of detection items to obtain vulnerability scan results, including: Determine the container instance information of the container to be detected; The network address of the host machine corresponding to the container to be detected and the local absolute path of the application software in the container to be detected on the host machine are determined based on the container instance information. Based on the local absolute path, a local vulnerability scan is performed on the container to be detected according to the list of detection items to obtain the local scan results. Based on the network address, a network vulnerability scan is performed on the container to be detected according to the list of detection items to obtain the network scan results; The vulnerability scan results are obtained by summarizing the local scan results and the network scan results.

2. The container vulnerability scanning method according to claim 1, characterized in that determining the software information of the software application in the container to be detected according to the process information of the host machine corresponding to the container to be detected comprises: obtaining the process information of the host machine corresponding to the container to be detected; determining, according to the process information, a process name and process parameters corresponding to the software application; and looking up, in a local information cache, the software information corresponding to the process name and the process parameters.

3. The container vulnerability scanning method according to claim 1, characterized in that determining, according to the container instance information, the network address of the host machine corresponding to the container to be detected comprises: determining a network mode of the container instance according to the container instance information; and if the network mode of the container instance is not the host network mode, determining the network address of the host machine corresponding to the container to be detected by means of a command that takes the container instance identifier.

4. The container vulnerability scanning method according to claim 1, characterized in that determining, according to the container instance information, the local absolute path, on the host machine, of the software application in the container to be detected comprises: obtaining, according to the container instance information, the working directory to which the software application is actually mapped on the host machine; and concatenating the working directory with the process path of the software application to obtain the local absolute path of the software application on the host machine.

5. The container vulnerability scanning method according to claim 1 or 2, characterized in that determining the detection item list corresponding to the software application according to the software information comprises: determining a software application type and a software application version in the software information; and performing a matching search in a local vulnerability database according to the software application type and the software application version to obtain the detection item list corresponding to the software application.

6. The container vulnerability scanning method according to claim 1, characterized in that performing, based on the local absolute path, the local vulnerability scan on the container to be detected according to the detection item list to obtain the local scan result comprises: obtaining, according to the local absolute path, a configuration file corresponding to the software application; and testing the configuration file according to the detection item list to obtain the local scan result.

7. A vulnerability scanning device, characterized in that it comprises: a data acquisition module configured to determine software information of a software application in a container to be detected according to process information of a host machine corresponding to the container to be detected; a data retrieval module configured to determine a detection item list corresponding to the software application according to the software information; and a vulnerability scanning module configured to perform vulnerability scanning on the container to be detected according to the detection item list to obtain a vulnerability scanning result; wherein the vulnerability scanning module is specifically configured to: determine container instance information of the container to be detected; determine, according to the container instance information, a network address of the host machine corresponding to the container to be detected and a local absolute path, on the host machine, of the software application in the container to be detected; perform, based on the local absolute path, a local vulnerability scan on the container to be detected according to the detection item list to obtain a local scan result; perform, based on the network address, a network vulnerability scan on the container to be detected according to the detection item list to obtain a network scan result; and obtain the vulnerability scanning result by summarizing the local scan result and the network scan result.

8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions which, when executed by a processor, implement the container vulnerability scanning method according to any one of claims 1 to 6.

9. A computer device, characterized in that it comprises: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so as to perform the container vulnerability scanning method according to any one of claims 1 to 6.
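As an added example, and not code from the patent or its assignee, the following Python sketches the procedure of claims 1 to 6 end to end over constructed inputs. The host process command lines, the local information cache, the local vulnerability database (its item identifiers are invented for illustration, not real advisories), the container instance records and the network responder are all constructed so that the script runs offline. Two shapes are assumptions: the instance record is modelled on `docker inspect <id>` output (`HostConfig.NetworkMode`, `NetworkSettings.IPAddress`), and the "working directory actually mapped on the host" of claim 4 is taken to be the overlay merged directory reported under `GraphDriver.Data.MergedDir`; the configuration file path is taken from the process parameters (`-c` or a `.conf` argument), which the claims do not specify. The fixture also shows why the two results are summarized rather than one used alone: the redis configuration file on disk sets `requirepass`, but the running instance answers PING unauthenticated, so only the network scan reports it.

```python
# Added example, not the patent's code: an offline walk-through of the claimed pipeline. Every input
# (process command lines, information cache, vulnerability database, instance records, responder) is constructed.
import os
import re
import shlex
import tempfile

SOFTWARE_CACHE = {  # claim 2: local information cache, process name -> software information (constructed)
    "nginx": {"type": "nginx", "version": "1.18.0", "default_config": "/etc/nginx/nginx.conf"},
    "redis-server": {"type": "redis", "version": "6.0.9", "default_config": "/etc/redis/redis.conf"},
}

VULN_DB = [  # claim 5: local vulnerability database; item ids are invented. "match" fires when found, "absent" when not
    {"type": "nginx", "affected": ((1, 0, 0), (1, 20, 0)), "items": [
        {"id": "CFG-NGINX-SERVER-TOKENS", "scope": "local", "match": r"^\s*server_tokens\s+on\s*;"},
        {"id": "NET-NGINX-BANNER", "scope": "network", "port": 80,
         "payload": b"HEAD / HTTP/1.0\r\n\r\n", "match": rb"Server: nginx/\d"},
    ]},
    {"type": "redis", "affected": ((0, 0, 0), (7, 0, 0)), "items": [
        {"id": "CFG-REDIS-NO-REQUIREPASS", "scope": "local", "absent": r"^\s*requirepass\s+\S+"},
        {"id": "NET-REDIS-UNAUTH", "scope": "network", "port": 6379,
         "payload": b"PING\r\n", "match": rb"^\+PONG"},
    ]},
]

def detection_items(sw):
    """Claim 5: match software type and version against the local vulnerability database."""
    v = tuple(int(x) for x in sw["version"].split("."))
    return [it for e in VULN_DB if e["type"] == sw["type"] and e["affected"][0] <= v < e["affected"][1]
            for it in e["items"]]

def network_address(inspect, host_ip):
    """Claim 3: host-network containers share the host address; otherwise read the instance record."""
    if inspect["HostConfig"]["NetworkMode"] == "host":
        return host_ip
    return inspect["NetworkSettings"]["IPAddress"]  # assumed shape: `docker inspect <id>` output

def local_paths(inspect, process_path, params, sw):
    """Claim 4: join the mapped working directory (assumed: the merged rootfs) with in-container paths."""
    root = inspect["GraphDriver"]["Data"]["MergedDir"]
    cfg = params[params.index("-c") + 1] if "-c" in params else next(
        (p for p in params if p.endswith(".conf")), sw["default_config"])  # config path: assumption
    return root + process_path, root + cfg

def local_scan(config_path, items):
    """Claim 6: test the configuration file reached through the local absolute path."""
    with open(config_path) as f:
        text = f.read()
    hits = []
    for it in (i for i in items if i["scope"] == "local"):
        if "match" in it and re.search(it["match"], text, re.M):
            hits.append(it["id"])
        elif "absent" in it and not re.search(it["absent"], text, re.M):
            hits.append(it["id"])
    return hits

def network_scan(addr, items, probe):
    """Send each network item's payload to the container address; probe(addr, port, payload) -> bytes."""
    return [it["id"] for it in items if it["scope"] == "network"
            and re.search(it["match"], probe(addr, it["port"], it["payload"]))]

def scan_container(inspect, host_processes, host_ip, probe):
    """Claim 1 end to end; the result is the union of local and network findings."""
    findings = {}
    for cmdline in host_processes:
        argv = shlex.split(cmdline)                           # host process information
        sw = SOFTWARE_CACHE.get(os.path.basename(argv[0]))    # claim 2: name -> software information
        if sw is None:
            continue                                          # not a tracked application
        items = detection_items(sw)
        _, config_path = local_paths(inspect, argv[0], argv[1:], sw)
        local = local_scan(config_path, items)
        net = network_scan(network_address(inspect, host_ip), items, probe)
        findings[sw["type"]] = {"local": local, "network": net, "all": sorted(set(local) | set(net))}
    return findings

def fake_probe(addr, port, payload):
    """Constructed responder: redis answers PING unauthenticated although its config file sets requirepass."""
    if (addr, port) == ("172.17.0.2", 80):
        return b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n"
    return b"+PONG\r\n" if (addr, port) == ("10.0.0.5", 6379) else b""

def demo():
    base = tempfile.mkdtemp()
    fixtures = [  # (id, network mode, address, host process command line, config path, config body)
        ("c1", "bridge", "172.17.0.2", "/usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'",
         "/etc/nginx/nginx.conf", "http {\n    server_tokens on;\n}\n"),
        ("c2", "host", "", "/usr/local/bin/redis-server /etc/redis/redis.conf",
         "/etc/redis/redis.conf", "port 6379\nrequirepass s3cret\n"),
    ]
    results = {}
    for cid, mode, ip, cmdline, path, body in fixtures:
        merged = os.path.join(base, cid, "merged")
        os.makedirs(merged + os.path.dirname(path))
        with open(merged + path, "w") as f:
            f.write(body)
        record = {"HostConfig": {"NetworkMode": mode}, "NetworkSettings": {"IPAddress": ip},
                  "GraphDriver": {"Data": {"MergedDir": merged}}}
        results[cid] = scan_container(record, [cmdline], "10.0.0.5", fake_probe)
    return results
```

`demo()` returns, per container and per application, the local findings, the network findings and their union. The skip of untracked processes in `scan_container` is the claimed time saving (only the matched detection items are scanned) and also the method's blind spot: an application whose process name is absent from the local information cache receives no detection items and is therefore not scanned at all, so the cache needs the same maintenance as the vulnerability database.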