1.
ConPan: A Tool to Analyze Packages
in Software Containers
Ahmed Zerouali, Valerio Cosentino,
Jesus Gonzalez Barahona, Gregorio Robles,
Tom Mens
Mining Software Repositories 2019
Montreal, QC, Canada - May 26-27, 2019

2.
Motivation: Security vulnerabilities are main barrier to
container adoption in production environments

3.
Motivation: Security vulnerabilities are main barrier to
container adoption in production environments

4.
Motivation: Other main
concerns for container adoption
• Dependencies (required
packages)
• Bugs in third-party software
• Outdated third-party software

5.
Available tools scanning Docker images

6.
“Systems with a low dependency freshness are more than four
times as likely to contain security issues in these dependencies.”
J. Cox et al. “Measuring Dependency Freshness in Software Systems”, ICSE 2015.
"The number of vulnerabilities is moderately correlated with the
number of outdated packages in a container”
A. Zerouali, et al. “On the Relation between Outdated Docker Containers, Severity
Vulnerabilities, and Bugs”, Saner 2019.
Are there any tools that combine information about outdatedness
and security vulnerabilities?
Motivation: Outdatedness causes Security vulnerabilities

7.
ConPAn: ‘Container Packages Analyzer’

8.
ConPan Installation:
$ git clone https://github.com/neglectos/ConPan
$ python3 setup.py build
$ python3 setup.py install

9.
ConPan in action: # Call ConPan from command line
$ conpan -p debian -c <Docker image> -d path/to/data
Example: $ conpan -p debian -c google/mysql -d /ConPan/data/debian/

10.
ConPan in action: # Call ConPan from command line
$ conpan -p debian -c <Docker image> -d path/to/data
Example: $ conpan -p debian -c google/mysql -d /ConPan/data/debian/

11.
ConPan in action: # Call ConPan from API

12.
ConPan in action: # Call ConPan from API -> Results

13.
ConPan in action: # Call ConPan from API -> Results

14.
https://media.giphy.com/media/DUrdT2xEmJWbS/giphy.gif
Questions