SlideShare a Scribd company logo

DockerFinder: Multi-attribute search of Docker images

Download as PPTX, PDF
D
Davide Neri

Docker containers run from Docker images, which can be distributed through so-called Docker registries. The currently available support for searching images in registries is however limited. Available registries (e.g., Docker Hub) only permit searching images “by name”, i.e. by specifying a term occurring in the image name, in the image description or in the name of the user that created such image. DOCKERFINDER permits searching for images based on multiple attributes, e.g., image name, image size, or supported software distributions.

Technology
1 of 25
DOCKERFINDER: MULTI-ATTRIBUTE SEARCH OF DOCKER IMAGES Antonio Brogi, Davide Neri, and Jacopo Soldani Department of Computer Science, University of Pisa, Italy {name.surname}@di.unipi.it
Deployment scenario with Docker How we can search a Docker image that satisfies these requirements ? 200 MB Multi-attribute search of Docker images 2 Application Docker Registry
Searching Docker images (1) $ docker search –stars=10 java NAME DESCRIPTION STARS OFFICIAL AUTOMATED java Java is a concurrent ... 1334 [OK] anapsix/alpine-java Oracle Java 8 (and 7) ... 197 [OK] isuper/java-oracle This repository contai... 52 [OK] Usage: docker search [OPTIONS] TERM Search the Docker Hub for images Options: -f, --filter filter Filter output based on conditions provided --help Print usage --limit int Max number of search results (default 25) --no-trunc Don't truncate output Search by command line Example Multi-attribute search of Docker images 3
Searching Docker images (2) Search by Web (e.g. Docker Hub) Multi-attribute search of Docker images 4
Deployment scenario with Docker 200 MB Multi-attribute search of Docker images 5 Application Docker Registry
DockerFinder - Solution Attributes: • Software distributions supported (e.g. python 2.7, java 1.8). • Size – size of the images. • Stars – vote of users. • Pulls – number of downloads. DockerFinder is a microservice-based prototype that permits searching Docker images based on multiple attributes. Multi-attribute search of Docker images 6
DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the description in local database. 3. Userssearch the images (RESTful API and GUI). Multi-attribute search of Docker images 7
DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the descriptions in a local database. 3. Users search the images (RESTful API and GUI). Multi-attribute search of Docker images 8
DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the descriptions in a local database. 3. Users can search the images (API and GUI). Multi-attribute search of Docker images 9
DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the descriptions in a local database. 3. Users submit multi- attribute queries. Multi-attribute search of Docker images 10
• Set of independent, runnable, self-deployable microservices. • Communication with lightweight mechanisms (e.g. HTTP, AMQP). • Adopted mainly for: • Scalability, • Manageability, and • Integrability. API API API AMQP API Multi-attribute search of Docker images 11 DockerFinder: Microservice-based architecture Admin User
Storage part Images Service: two RESTful APIs: • api/images/ manage the images’ descriptions. • /search submit multi-attribute queries Images DB stores the images’ descriptions Multi-attribute search of Docker images 12 Admin User
Analysis part Crawler: crawls the name of the images. Message Broker: enqueues the name of the images. Scanner: pulls and analyse the images producing descriptions. Checker: enforce eventual consistency between local and remote images. Multi-attribute search of Docker images 13 Admin User
Scanner – Extract software distributions Given an image i to be analysed: 1. Create a “sleeping” container 2. For each software distribution <command, option, regex> (e.g., < python, --version, [0-9]+[.][0-9]*[.0-9]*> ), execute: 1. Parse with the regex the result: if match the image support that command. match = Search(regex, result) ID = docker run i sleep 1d result = docker exec ID command option Multi-attribute search of Docker images 14
Discovery part Software service and Software DB • /api/software manage the list of software. GUI Web-based graphical user interface. Search API • /search proxy the requests to the storage. Multi-attribute search of Docker images 15 Admin User
DockerFinder – GUI Multi-attribute search of Docker images 16
DockerFinder deployments (with Docker) Multi-container Docker application: • Each component is shipped in a Docker container. • Single host deployment • Multi-host deployment https://github.com/di-unipi-socc/DockerFinder Multi-attribute search of Docker images 17 Admin User
Deployments configurations Single host Multiple host Multi-attribute search of Docker images 18
Scanners scalability Test set-up: • All “latest” official images pulled locally. • Scanning of 100 images (fixed). • 16 software searched in each image. $ docker-compose scale scanner=<x> Multi-attribute search of Docker images 19
Summary of contributions DockerFinder : 1. Enhanced search of Docker images based on multi-attributes (software distributions, stars, pulls, size). 2. Designed as a microservices-based architecture (scalability, manageability, integrability) Multi-attribute search of Docker images 20
Conclusions – Possible extensions Storage space (caching) Multi-attribute search of Docker images 21 Multi-registries crawling DockerFinder Security policies
Future perspective DockerFinder as a general framework with the following features: 1. Customizable analysis function (in the scanner) for generating personalized datasets image descriptions. 2. Analysis of other container technologies (e.g., Rkt). Multi-attribute search of Docker images 22
THANK YOU FOR YOUR ATTENTION Davide Neri davide.neri@di.unipi.it Multi-attribute search of Docker images 23
Related work • Docker Store: Clusters images by categories (e.g. Database images, programming languages images). • JFrog artifactory: supports Docker and users can assign custom properties to Docker images. • “Automatic capturing and systematic usage of DevOps knowledge for cloud applications”. Wettinger. A knowledge base of heterogeneous DevOps solutions. Docker Finder generates descriptions extracting features from “inside” the images in a fully-automated way. Multi-attribute search of Docker images 24
Reference (some) • Enrico Bacis, Simone Mutti, Steven Capelli, and Stefano Paraboschi. DockerPolicyModules: Mandatory access control for docker containers. • Nicola Dragoni, Saverio Giallorenzo, Alberto Lluch-Lafuente, Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina. Microservices: yesterday, today, and tomorrow. • Martin Fowler and James Lewis. Microservices. • Hui Kang, Michael Le, and Shu Tao. Container and microservice driven design for cloud infrastructure devops. • Johannes Wettinger, Vasilios Andrikopoulos, and Frank Leymann. Automated capturing and systematic usage of devops knowledge for cloud applications. Multi-attribute search of Docker images 25

Recommended

Shifter - Docker Containers for HPC
Shifter - Docker Containers for HPCShifter - Docker Containers for HPC
Shifter - Docker Containers for HPC
inside-BigData.com
 
Docker Security
Docker SecurityDocker Security
Docker Security
BladE0341
 
Docker - the what why and hows
Docker - the what why and howsDocker - the what why and hows
Docker - the what why and hows
Souvik Maji
 
Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018
kanedafromparis
 
Docker
DockerDocker
Docker
Ramchandra Koty
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.
Chafik Belhaoues
 
Academy PRO: Docker. Lecture 2
Academy PRO: Docker. Lecture 2Academy PRO: Docker. Lecture 2
Academy PRO: Docker. Lecture 2
Binary Studio
 
Drupal PT Meetup Lisbon (December 2011)
Drupal PT Meetup Lisbon (December 2011)Drupal PT Meetup Lisbon (December 2011)
Drupal PT Meetup Lisbon (December 2011)
Paulo Gomes
 

Recommended

Shifter - Docker Containers for HPC
Shifter - Docker Containers for HPCShifter - Docker Containers for HPC
Shifter - Docker Containers for HPC
inside-BigData.com
 
Docker Security
Docker SecurityDocker Security
Docker Security
BladE0341
 
Docker - the what why and hows
Docker - the what why and howsDocker - the what why and hows
Docker - the what why and hows
Souvik Maji
 
Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018
kanedafromparis
 
Docker
DockerDocker
Docker
Ramchandra Koty
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.
Chafik Belhaoues
 
Academy PRO: Docker. Lecture 2
Academy PRO: Docker. Lecture 2Academy PRO: Docker. Lecture 2
Academy PRO: Docker. Lecture 2
Binary Studio
 
Drupal PT Meetup Lisbon (December 2011)
Drupal PT Meetup Lisbon (December 2011)Drupal PT Meetup Lisbon (December 2011)
Drupal PT Meetup Lisbon (December 2011)
Paulo Gomes
 
Oracle database on Docker Container
Oracle database on Docker ContainerOracle database on Docker Container
Oracle database on Docker Container
Jesus Guzman
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and Docker
David Currie
 
An operational view into docker registry with scalability, access control and...
An operational view into docker registry with scalability, access control and...An operational view into docker registry with scalability, access control and...
An operational view into docker registry with scalability, access control and...
Conference Papers
 
Rails Applications with Docker
Rails Applications with DockerRails Applications with Docker
Rails Applications with Docker
Laura Frank Tacho
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Microservices and containers for the unitiated
Microservices and containers for the unitiatedMicroservices and containers for the unitiated
Microservices and containers for the unitiated
Kevin Lee
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
Docker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Docker Indy Meetup - An Opinionated View of Building Docker Images and PipelinesDocker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Docker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Matt Bentley
 
A new model for Docker image distribution
A new model for Docker image distributionA new model for Docker image distribution
A new model for Docker image distributionDocker, Inc.
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
Kubernetes Online Training Hyderabad | Docker Online Training
Kubernetes Online Training Hyderabad | Docker Online TrainingKubernetes Online Training Hyderabad | Docker Online Training
Kubernetes Online Training Hyderabad | Docker Online Training
navyatejavisualpath
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
Dongwon Kim
 
Faster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker PlatformFaster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker Platform
msyukor
 
Introduction to docker and oci
Introduction to docker and ociIntroduction to docker and oci
Introduction to docker and oci
Romain Schlick
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
Sandeep Karnawat
 
Docker basics
Docker basicsDocker basics
Docker basics
Claudio Montoya
 
Docker
DockerDocker
Docker
Abhishek Tomar
 
Docker 1.9 Workshop
Docker 1.9 WorkshopDocker 1.9 Workshop
Docker 1.9 Workshop
{code}
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 

More Related Content

Similar to DockerFinder: Multi-attribute search of Docker images

Oracle database on Docker Container
Oracle database on Docker ContainerOracle database on Docker Container
Oracle database on Docker Container
Jesus Guzman
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and Docker
David Currie
 
An operational view into docker registry with scalability, access control and...
An operational view into docker registry with scalability, access control and...An operational view into docker registry with scalability, access control and...
An operational view into docker registry with scalability, access control and...
Conference Papers
 
Rails Applications with Docker
Rails Applications with DockerRails Applications with Docker
Rails Applications with Docker
Laura Frank Tacho
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Microservices and containers for the unitiated
Microservices and containers for the unitiatedMicroservices and containers for the unitiated
Microservices and containers for the unitiated
Kevin Lee
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
Docker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Docker Indy Meetup - An Opinionated View of Building Docker Images and PipelinesDocker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Docker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Matt Bentley
 
A new model for Docker image distribution
A new model for Docker image distributionA new model for Docker image distribution
A new model for Docker image distributionDocker, Inc.
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
Araf Karsh Hamid
 
Kubernetes Online Training Hyderabad | Docker Online Training
Kubernetes Online Training Hyderabad | Docker Online TrainingKubernetes Online Training Hyderabad | Docker Online Training
Kubernetes Online Training Hyderabad | Docker Online Training
navyatejavisualpath
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
Dongwon Kim
 
Faster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker PlatformFaster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker Platform
msyukor
 
Introduction to docker and oci
Introduction to docker and ociIntroduction to docker and oci
Introduction to docker and oci
Romain Schlick
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
Sandeep Karnawat
 
Docker basics
Docker basicsDocker basics
Docker basics
Claudio Montoya
 
Docker
DockerDocker
Docker
Abhishek Tomar
 
Docker 1.9 Workshop
Docker 1.9 WorkshopDocker 1.9 Workshop
Docker 1.9 Workshop
{code}
 

Similar to DockerFinder: Multi-attribute search of Docker images (20)

Oracle database on Docker Container
Oracle database on Docker ContainerOracle database on Docker Container
Oracle database on Docker Container
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and Docker
 
An operational view into docker registry with scalability, access control and...
An operational view into docker registry with scalability, access control and...An operational view into docker registry with scalability, access control and...
An operational view into docker registry with scalability, access control and...
 
Rails Applications with Docker
Rails Applications with DockerRails Applications with Docker
Rails Applications with Docker
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Microservices and containers for the unitiated
Microservices and containers for the unitiatedMicroservices and containers for the unitiated
Microservices and containers for the unitiated
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
 
Docker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Docker Indy Meetup - An Opinionated View of Building Docker Images and PipelinesDocker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
Docker Indy Meetup - An Opinionated View of Building Docker Images and Pipelines
 
A new model for Docker image distribution
A new model for Docker image distributionA new model for Docker image distribution
A new model for Docker image distribution
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
 
Kubernetes Online Training Hyderabad | Docker Online Training
Kubernetes Online Training Hyderabad | Docker Online TrainingKubernetes Online Training Hyderabad | Docker Online Training
Kubernetes Online Training Hyderabad | Docker Online Training
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Faster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker PlatformFaster and Easier Software Development using Docker Platform
Faster and Easier Software Development using Docker Platform
 
Introduction to docker and oci
Introduction to docker and ociIntroduction to docker and oci
Introduction to docker and oci
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
 
Docker basics
Docker basicsDocker basics
Docker basics
 
Docker
DockerDocker
Docker
 
Docker 1.9 Workshop
Docker 1.9 WorkshopDocker 1.9 Workshop
Docker 1.9 Workshop
 

Recently uploaded

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 

Recently uploaded (20)

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

DockerFinder: Multi-attribute search of Docker images

  • 1. DOCKERFINDER: MULTI-ATTRIBUTE SEARCH OF DOCKER IMAGES Antonio Brogi, Davide Neri, and Jacopo Soldani Department of Computer Science, University of Pisa, Italy {name.surname}@di.unipi.it
  • 2. Deployment scenario with Docker How we can search a Docker image that satisfies these requirements ? 200 MB Multi-attribute search of Docker images 2 Application Docker Registry
  • 3. Searching Docker images (1) $ docker search –stars=10 java NAME DESCRIPTION STARS OFFICIAL AUTOMATED java Java is a concurrent ... 1334 [OK] anapsix/alpine-java Oracle Java 8 (and 7) ... 197 [OK] isuper/java-oracle This repository contai... 52 [OK] Usage: docker search [OPTIONS] TERM Search the Docker Hub for images Options: -f, --filter filter Filter output based on conditions provided --help Print usage --limit int Max number of search results (default 25) --no-trunc Don't truncate output Search by command line Example Multi-attribute search of Docker images 3
  • 4. Searching Docker images (2) Search by Web (e.g. Docker Hub) Multi-attribute search of Docker images 4
  • 5. Deployment scenario with Docker 200 MB Multi-attribute search of Docker images 5 Application Docker Registry
  • 6. DockerFinder - Solution Attributes: • Software distributions supported (e.g. python 2.7, java 1.8). • Size – size of the images. • Stars – vote of users. • Pulls – number of downloads. DockerFinder is a microservice-based prototype that permits searching Docker images based on multiple attributes. Multi-attribute search of Docker images 6
  • 7. DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the description in local database. 3. Userssearch the images (RESTful API and GUI). Multi-attribute search of Docker images 7
  • 8. DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the descriptions in a local database. 3. Users search the images (RESTful API and GUI). Multi-attribute search of Docker images 8
  • 9. DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the descriptions in a local database. 3. Users can search the images (API and GUI). Multi-attribute search of Docker images 9
  • 10. DockerFinder – High level overview DockerFinder main steps: 1. Download and analyse Docker images. 2. Generate and store the descriptions in a local database. 3. Users submit multi- attribute queries. Multi-attribute search of Docker images 10
  • 11. • Set of independent, runnable, self-deployable microservices. • Communication with lightweight mechanisms (e.g. HTTP, AMQP). • Adopted mainly for: • Scalability, • Manageability, and • Integrability. API API API AMQP API Multi-attribute search of Docker images 11 DockerFinder: Microservice-based architecture Admin User
  • 12. Storage part Images Service: two RESTful APIs: • api/images/ manage the images’ descriptions. • /search submit multi-attribute queries Images DB stores the images’ descriptions Multi-attribute search of Docker images 12 Admin User
  • 13. Analysis part Crawler: crawls the name of the images. Message Broker: enqueues the name of the images. Scanner: pulls and analyse the images producing descriptions. Checker: enforce eventual consistency between local and remote images. Multi-attribute search of Docker images 13 Admin User
  • 14. Scanner – Extract software distributions Given an image i to be analysed: 1. Create a “sleeping” container 2. For each software distribution <command, option, regex> (e.g., < python, --version, [0-9]+[.][0-9]*[.0-9]*> ), execute: 1. Parse with the regex the result: if match the image support that command. match = Search(regex, result) ID = docker run i sleep 1d result = docker exec ID command option Multi-attribute search of Docker images 14
  • 15. Discovery part Software service and Software DB • /api/software manage the list of software. GUI Web-based graphical user interface. Search API • /search proxy the requests to the storage. Multi-attribute search of Docker images 15 Admin User
  • 16. DockerFinder – GUI Multi-attribute search of Docker images 16
  • 17. DockerFinder deployments (with Docker) Multi-container Docker application: • Each component is shipped in a Docker container. • Single host deployment • Multi-host deployment https://github.com/di-unipi-socc/DockerFinder Multi-attribute search of Docker images 17 Admin User
  • 18. Deployments configurations Single host Multiple host Multi-attribute search of Docker images 18
  • 19. Scanners scalability Test set-up: • All “latest” official images pulled locally. • Scanning of 100 images (fixed). • 16 software searched in each image. $ docker-compose scale scanner=<x> Multi-attribute search of Docker images 19
  • 20. Summary of contributions DockerFinder : 1. Enhanced search of Docker images based on multi-attributes (software distributions, stars, pulls, size). 2. Designed as a microservices-based architecture (scalability, manageability, integrability) Multi-attribute search of Docker images 20
  • 21. Conclusions – Possible extensions Storage space (caching) Multi-attribute search of Docker images 21 Multi-registries crawling DockerFinder Security policies
  • 22. Future perspective DockerFinder as a general framework with the following features: 1. Customizable analysis function (in the scanner) for generating personalized datasets image descriptions. 2. Analysis of other container technologies (e.g., Rkt). Multi-attribute search of Docker images 22
  • 23. THANK YOU FOR YOUR ATTENTION Davide Neri davide.neri@di.unipi.it Multi-attribute search of Docker images 23
  • 24. Related work • Docker Store: Clusters images by categories (e.g. Database images, programming languages images). • JFrog artifactory: supports Docker and users can assign custom properties to Docker images. • “Automatic capturing and systematic usage of DevOps knowledge for cloud applications”. Wettinger. A knowledge base of heterogeneous DevOps solutions. Docker Finder generates descriptions extracting features from “inside” the images in a fully-automated way. Multi-attribute search of Docker images 24
  • 25. Reference (some) • Enrico Bacis, Simone Mutti, Steven Capelli, and Stefano Paraboschi. DockerPolicyModules: Mandatory access control for docker containers. • Nicola Dragoni, Saverio Giallorenzo, Alberto Lluch-Lafuente, Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina. Microservices: yesterday, today, and tomorrow. • Martin Fowler and James Lewis. Microservices. • Hui Kang, Michael Le, and Shu Tao. Container and microservice driven design for cloud infrastructure devops. • Johannes Wettinger, Vasilios Andrikopoulos, and Frank Leymann. Automated capturing and systematic usage of devops knowledge for cloud applications. Multi-attribute search of Docker images 25

Editor's Notes

  1. An application deplyment requirements: Python 2.7 Java 1.8 Size < 200 MB
  2. An application deplyment requirements: Python 2.7 Java 1.8 Size < 200 MB