NCI WEBSITE
NORMA eResearch @NCI Library

Detecting Container vulnerabilities leveraging the CICD pipeline

Tools

Bhardwaj, Preeti (2023) Detecting Container vulnerabilities leveraging the CICD pipeline. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
 PDF (Master of Science)
Download (1MB) | Preview
[thumbnail of Configuration manual]
Preview
 PDF (Configuration manual)
Download (2MB) | Preview

Abstract

Docker images are lightweight executable software that contains everything that is needed to make an application run smoothly. Docker images are a popular choice over virtual machines. Docker images have multiple vulnerabilities in them such as Denial-of-services(DoS), Man-in-Middle, etc, which makes it essential to test and secure these images effectively. There are several tools to test the docker images Perhaps the limitation comes down to the methodology which in most cases might not be automated and can be tedious to carry out. Scanning the docker images for vulnerabilities is essential as any non-detected vulnerability leaked from the image can corrupt the host system, can lead to the insertion of malicious code in the image, or can even spoof MAC and IP addresses. We have implemented a CI CD pipeline with the capability to scan the docker images for CVEs in an automated test bed for vulnerabilities before deploying them. The setup consists of a pipeline with the different stages from build to test along with the tools such as Trivy and Clair to scan the vulnerabilities on the docker images with known vulnerabilities and CVEs.

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Moldovan, Arghir-Nicolae
UNSPECIFIED
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 28 Apr 2023 13:33
Last Modified: 28 Apr 2023 13:33
URI: https://norma.ncirl.ie/id/eprint/6512

Actions (login required)

View Item View Item