Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 13

ConPan: Analysing Packages Installed in Docker Containers

May. 13, 2019
0 likes 408 views

0

Share

Software

Demonstration of the ConPan tool for analysing outdated packages and their security vulnerabilities in Docker containers. Developed by Ahmed Zerouali, Software Engineering Lab, University of Mons. In collaboration with Universidad Rey Juan Carlos and Bitergia, Madrid, Spain. Presented by Tom Mens at the MSR 2019 International Conference on Mining Software Repositories, May 2019, Montréal, Canada.

License: CC Attribution-NonCommercial-ShareAlike License

Recommended

Related Books

Free with a 30 day trial from Scribd

See all
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(3/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
From Counterculture to Cyberculture: Stewart Brand, the Whole Earth Network, and the Rise of Digital Utopianism Fred Turner
(2.5/5)
Free
How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life J. J. Luna
(4/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
The New New Thing: A Silicon Valley Story Michael Lewis
(4.5/5)
Free
Cognitive Surplus: Creativity and Generosity in a Connected Age Clay Shirky
(3.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community that Will Listen Kristen Meinzer
(4.5/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(3.5/5)
Free
Kill All Normies: Online Culture Wars From 4Chan And Tumblr To Trump And The Alt-Right Angela Nagle
(4/5)
Free
The Art of Social Media: Power Tips for Power Users Guy Kawasaki
(4/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
An Introduction to Information Theory: Symbols, Signals and Noise John R. Pierce
(4.5/5)
Free
Algorithms to Live By: The Computer Science of Human Decisions Tom Griffiths
(4.5/5)
Free
The Death of Expertise: The Campaign Against Established Knowledge and Why it Matters Tom Nichols
(4.5/5)
Free
Alone Together: Why We Expect More from Technology and Less from Each Other Sherry Turkle
(4/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Emperor's New Mind: Concerning Computers, Minds, and the Laws of Physics Roger Penrose
(3.5/5)
Free
New Dark Age: Technology and the End of the Future James Bridle
(4.5/5)
Free
The History of the Future: Oculus, Facebook, and the Revolution That Swept Virtual Reality Blake J. Harris
(4.5/5)
Free

ConPan: Analysing Packages Installed in Docker Containers

  1. 1. ConPan: Analyzing Packages Installed in Docker Containers Ahmed Zerouali, Valerio Cosentino, Jesus Gonzalez-Barahona, Gregorio Robles, Tom Mens Int’l Conf. Mining Software Repositories (MSR) Montreal, QC, Canada - May 26-27, 2019
  2. 2. Docker containers ● are isolated bundles of software packages ● facilitate deploying software applications in production environments ● are created by combining and modifying images from public (official or community) repositories
  3. 3. Motivation: Security vulnerabilities are main barrier to container adoption ClusterHQ, June 2015
  4. 4. Motivation: Security vulnerabilities are main barrier to container adoption FlawCheck, August 2015
  5. 5. Commercial tools for scanning Docker images
  6. 6. Commercial tools for scanning Docker images
  7. 7. “Systems with a low dependency freshness are more than four times as likely to contain security issues in these dependencies.” “Measuring Dependency Freshness in Software Systems”, Cox et al. (ICSE 2015) "The number of vulnerabilities is moderately correlated with the number of outdated packages in a container” “On the Relation between Outdated Docker Containers, Severity Vulnerabilities, and Bugs”, A. Zerouali et al. (SANER 2019) Outdatedness causes Security Vulnerabilities
  8. 8. ConPAn– Container Packages Analyzer Goal: combine information about outdatedness and security vulnerabilities
  9. 9. ConPan Installation $ git clone https://github.com/neglectos/ConPan $ python3 setup.py build $ python3 setup.py install
  10. 10. ConPan in action Through command-line interface: $ conpan -p debian -c <Docker image> -d path/to/data Example: $ conpan -p debian -c google/mysql -d /ConPan/data/debian/
  11. 11. ConPan in action Through API:
  12. 12. ConPan in action Through API:
  13. 13. ConPan in action Through API:

Editor's Notes

  • So, In June 2015, ClusterHQ asked enterprises “What are the biggest barriers to putting containers in a production environment?” a higher percentage of more than >60% candidate enterprises said that security was the #1 barrier to putting containers in a production environment.
  • After some time, In August 2015, FlawCheck and one of our partners, surveyed enterprises asking which piece of the security equation was their top concern about running containers in production environments.
    At 42%, Vulnerabilities & Malware in container workloads was the top container security concern among those surveyed.
  • Most of the tools available today are commercial ( not free) tools that provide information about security vulnerabilities about packages installed in docker containers but they don’t provide information about how outdated packages are. How many versions they are missing and how much they are lagging behind the latest version.
  • Most of the tools available today, they are commercial ( not free) tools that provide information about security vulnerabilities about packages installed in docker containers but they don’t provide information about how outdated packages are. How many versions they are missing and how much they are lagging behind the latest version.
  • In fact, it has been shown that the number of software vulnerabilities is related with how outdated this software is.
    More outdated dependencies have more vulnerabilities.


    Moreover, are there any tools that provide information about other kind of bugs, other than security bugs.
  • For this reason, we have developed ConPan.
    A python utility that helps to anlayze packages installed in Docker containers.

    The overall structure of ConPan is summarized in the figure. Its core is composed by five tasks, which consists of:
    (i) pulling and running Docker images;
    (ii) identifying the installed packages;
    (iii) tracking them back to their package managers;
    (iv) searching for their known vulnerability reports or other
    reported bugs and quality issues;
    (v) reporting the results in a specific output format.
    ConPan also provides general information about the analysed Docker Hub image, fetched
    from the Docker Hub registry using its API.
  • To install conpan

    • ×