prince-chrismc / Docker-Security-Analysis

This repository is to contain my work for a Technical Report (ENGR 411) at Concordia University during the Fall 2018 Semester
https://prince-chrismc.github.io/Docker-Security-Analysis/
GNU General Public License v3.0

Scanners #3

Open prince-chrismc opened 5 years ago

prince-chrismc commented 5 years ago

How do they Identify images

prince-chrismc commented 5 years ago

The original question was how do they identify vulnerabilities

prince-chrismc commented 5 years ago

I've been using Vuls with their fast scan mode. This queries the package manager to find the list of installed packages; it then runs an upgrade to get the changelogs to see what CVEs were fixed in the upgrades.


prince-chrismc commented 5 years ago

Details for how Anchore does it [here], which is very similar to Vuls.

prince-chrismc commented 5 years ago

Both use the same databases https://anchore.com/cloud/docs/image-security/

prince-chrismc commented 5 years ago

Shockingly Anchore uses the package manager of the OS to obtain the packages!

https://github.com/anchore/anchore/blob/8a4d5b9708e27856312d303aae3f04f3c72039d6/anchore/anchore-modules/analyzers/20_file_list.py#L19

https://github.com/anchore/anchore/blob/8a4d5b9708e27856312d303aae3f04f3c72039d6/anchore/anchore-modules/analyzers/20_file_list.py#L92

prince-chrismc commented 5 years ago

It gets worse! They actually parse the package manager files in the image to determine which packages are available

https://github.com/anchore/anchore/blob/8a4d5b9708e27856312d303aae3f04f3c72039d6/anchore/anchore-modules/analyzers/31_file_package_verify.py#L104
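As an added illustration of the mechanism this thread describes (not code from Vuls, Anchore or this repository): a toy scanner that parses a dpkg status file the way Anchore reads package-manager files out of an image, then checks each installed version against a vulnerability feed using dpkg's version ordering. The feed, the advisory ids and the status excerpt are constructed placeholders.

```python
# Toy model of what Vuls (fast scan) and Anchore do: read the package-manager database
# inside the image, then compare installed versions against a feed. Sample data is constructed.
import re
def parse_dpkg_status(text):  # {package: version} for installed stanzas of a dpkg status file
    installed = {}
    for stanza in text.strip().split("\n\n"):
        f = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if f.get("Status", "").endswith("install ok installed"):
            installed[f["Package"]] = f["Version"]
    return installed

def _order(c):  # dpkg's character ranking: '~' sorts before everything, even end of string
    if c == "~": return -1
    if not c or c.isdigit(): return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):  # dpkg's algorithm: alternate non-digit runs with numeric runs
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            if _order(a[:1]) != _order(b[:1]):
                return _order(a[:1]) - _order(b[:1])
            a, b = a[1:], b[1:]
        ma, mb = re.match(r"\d*", a), re.match(r"\d*", b)
        na, nb = int(ma.group() or 0), int(mb.group() or 0)
        if na != nb:
            return na - nb
        a, b = a[ma.end():], b[mb.end():]
    return 0

def dpkg_compare(v1, v2):  # <0, 0, >0 like `dpkg --compare-versions`: [epoch:]upstream[-revision]
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep: epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)
# Constructed feed of (package, first fixed version, advisory id); the ids are placeholders.
FEED = [("openssl", "1.1.0j-1~deb9u1", "CVE-XXXX-0001 (placeholder)"),
        ("bash", "4.4-5", "CVE-XXXX-0002 (placeholder)")]

def find_vulnerable(installed, feed=FEED):  # flagged when installed sorts strictly below fixed
    return [(p, installed[p], vid) for p, fixed, vid in feed
            if p in installed and dpkg_compare(installed[p], fixed) < 0]

SAMPLE_STATUS = "\n\n".join([  # constructed excerpt of /var/lib/dpkg/status read out of an image
    "Package: openssl\nStatus: install ok installed\nVersion: 1.1.0f-3+deb9u2",
    "Package: bash\nStatus: install ok installed\nVersion: 4.4-5",
    "Package: curl\nStatus: deinstall ok config-files\nVersion: 7.52.1-5+deb9u8"])
```

Running `find_vulnerable(parse_dpkg_status(SAMPLE_STATUS))` flags only openssl: bash is already at the fixed version and curl is not in the installed state, which is exactly the distinction a status-file parser has to get right.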