NORMA eResearch @NCI Library

Longitudinal risk-based security assessment of Docker software container images

Mendonsa, Alric Nestor (2024) Longitudinal risk-based security assessment of Docker software container images. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science)
PDF (Configuration Manual)

Abstract

In today's cloud-driven software development ecosystem, Docker containers have emerged as a cornerstone of application deployment because of their portability and scalability. However, the growth of vulnerabilities within Docker images poses significant security risks, especially when images are left unmonitored over time. This study investigates the longitudinal risks associated with Docker images hosted on DockerHub through a comparative evaluation of the open-source vulnerability scanning tools "Trivy" and "Grype" against AWS's Elastic Container Registry (ECR) scanning service. A dataset of Docker images was subjected to periodic vulnerability checks, and the results were analyzed for detection efficiency, coverage, and timeliness. Using AWS services including EC2, ECR, S3, CodeBuild, and CodePipeline, an automated CI/CD pipeline was implemented to test container images and store the results for visualization. The findings offer actionable insights into the evolving security of containerized applications and present a robust method for improving vulnerability management practices. This study underscores the importance of integrating multi-tool assessments to strengthen security controls in containerized environments.

Item Type: Thesis (Masters)
Supervisors: Heeney, Sean (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Cloud computing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cloud Computing
Depositing User: Ciara O'Brien
Date Deposited: 15 Jul 2025 14:29
Last Modified: 15 Jul 2025 14:29
URI: https://norma.ncirl.ie/id/eprint/8122
