Smart policy-driven scanning of Docker images

Docker has become the de-facto standard for containerised application
delivery. Hundreds of companies in Switzerland develop, deploy and
operate Docker-packaged software regularly, often involving publicly
available Docker images produced by third parties. For banks, insurers
and other companies with high compliance requirements, this poses a risk
because the origin and content of such images are unknown. Therefore, only
approved images are allowed to be used, and approval is conditional
on passing a quality scan, which is today mostly a manual analysis process
performed by experts. The questions are: What does a suitable policy
language look like? How can we flag images as having been scanned by a
trustworthy scanner? Can we use machine learning to learn over time
whether one source of container images is more trustworthy than another?
How can we make the scanner invocation resilient while minimising the time
it needs to be connected to the Internet? Is the open source tool Clair
suitable as a base for the planned product?

