CN117311905A - Container mirror image software composition analysis system and method based on layered detection - Google Patents


Publication number
CN117311905A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311318935.XA
Other languages
Chinese (zh)
Inventor
薛植元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Anshi Information Technology Co ltd
Original Assignee
Shanghai Anshi Information Technology Co ltd

Classifications

    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/17 Details of further file system functions
    • G06F16/185 Hierarchical storage management [HSM] systems, e.g. file migration or policies thereof
    • G06F2009/45591 Monitoring or debugging support
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances


Abstract

The invention provides a container mirror image software composition analysis system, method, electronic device and medium based on layered detection. The interaction node is configured to obtain a container mirror image layering result of the container mirror image to be detected according to a received container mirror image analysis task, and to send a container mirror image layer software analysis task to the analysis node according to the container mirror image layering result. The analysis node is configured to obtain a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, and to return the layer software analysis result to the interaction node. The interaction node is further configured to obtain the software composition analysis result of the container mirror image to be detected according to the layer software analysis result. The system consumes fewer resources (such as memory space) and is highly efficient.

Description

Container mirror image software composition analysis system and method based on layered detection
Technical Field
The invention relates to the technical field of container detection, in particular to a system, a method, electronic equipment and a medium for analyzing the composition of container mirror image software based on layered detection.
Background
Virtualized container technology can quickly encapsulate and package a development or runtime environment and can easily replicate a wide range of computing environments, so that an environment works out of the box. As software development architectures have evolved, container technology has become an important supporting technology in DevOps, microservices and related fields thanks to being lightweight, agile, easy to scale and strongly supported by its community, and it is increasingly widely studied and applied. Docker is a representative example and one of the most popular virtualization container technologies at present. Taking the open-source community Docker Hub as an example, a user can conveniently find the container image they want in the community, and a developer can upload container images they have built for other users to use. However, although users can use a container image, they cannot conveniently find out which software components it contains. When the developer of a container image uses software with potential security risks, or does not update software versions in time, users have to deal with the problem themselves. It is therefore necessary to obtain the software components in a container image in order to improve security when using it.
However, conventional software component analysis is not suitable for software in a container image, because the conventional software component analysis is based on a complete file system, and for the container image, a container instance needs to be run to construct the complete file system, which not only consumes resources, but also has low running efficiency; in addition, conventional software component analysis cannot effectively count the historical variation of software in the container mirror image.
Therefore, how to obtain the software component of the container image more efficiently and more accurately is becoming one of the technical problems to be solved in the art.
It should be noted that the information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
Disclosure of Invention
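The invention aims to provide a container mirror image software composition analysis system, method, electronic device and medium based on layered detection, so as to obtain the software composition of a container mirror image more efficiently and more accurately.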
To achieve the above purpose, the invention is realized by the following technical solution: a container mirror image software composition analysis system based on layered detection, comprising an interaction node and at least one analysis node;
the interaction node is configured to acquire a container mirror image layering result of the container mirror image to be detected according to the received container mirror image analysis task, and to send a container mirror image layer software analysis task to the analysis node according to the container mirror image layering result;
the analysis node is configured to acquire a layer software analysis result of the container mirror layer to be detected according to the container mirror layer software analysis task, and return the layer software analysis result to the interaction node;
and the interaction node is further configured to obtain the software composition analysis result of the container mirror image to be detected according to the layer software analysis result.
Optionally, the interaction node comprises an interaction module and a data processing module;
the interaction module is configured to acquire a container mirror image identification of the container mirror image to be detected according to the received container mirror image analysis task;
the data processing module is configured to acquire container mirror image description data of the container mirror image to be detected according to the container mirror image identification, to acquire the container mirror image layering result according to the container mirror image description data, and to send the container mirror image layer software analysis task to the analysis node according to the container mirror image layering result.
Optionally, the analysis node includes a base analysis module and a software analysis module;
the basic analysis module is configured to acquire a file system and a software package manager of the container mirror layer to be detected according to the container mirror layer software analysis task, the reference file system and the reference software package manager;
the software analysis module is configured to obtain a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, the file system and the software package manager, and to send the layer software analysis result to the interaction node.
In order to achieve the above object, the present invention further provides a method for analyzing a composition of container mirror software based on hierarchical detection, including:
according to the received container mirror image analysis task, obtaining a container mirror image layering result of the container mirror image to be detected so as to obtain a container mirror image layer software analysis task;
according to the container mirror image layer software analysis task, acquiring a layer software analysis result of a container mirror image layer to be detected;
and obtaining a software composition analysis result of the container mirror image to be detected according to the layer software analysis result.
Optionally, the obtaining, according to the received container image analysis task, a container image layering result of the container image to be detected includes:
receiving the container mirror analysis task;
acquiring a container mirror image identification of the container mirror image to be detected according to the container mirror image analysis task;
acquiring container mirror image description data corresponding to the container mirror image to be detected according to the container mirror image identification;
acquiring a container mirror hierarchical hash value according to the container mirror description data;
and obtaining a container mirror image layering result of the container mirror image to be detected according to the container mirror image layering hash value and a layering calculation formula obtained from a container engine of the container mirror image to be detected.
Optionally, the obtaining, according to the task of analyzing the container mirror layer software, a layer software analysis result of the container mirror layer to be detected includes:
acquiring a container mirror layer file system and a container mirror layer software package manager of the container mirror layer to be detected according to the container mirror layer software analysis task;
and obtaining a layer software analysis result of the container mirror layer to be detected according to the container mirror layer file system and the container mirror layer software package manager.
Optionally, the obtaining, according to the task of analyzing the container mirror layer software, a container mirror layer file system and a container mirror layer software package manager of the container mirror layer to be detected includes:
acquiring a reference file system characteristic value dataset;
acquiring a file system characteristic value of the container mirror layer file system according to the analysis task of the container mirror layer software;
matching the file system characteristic values of the container mirror image layer file system with the reference file system characteristic value data set one by one, and obtaining the container mirror image layer file system according to a matching result;
acquiring a reference software package manager characteristic file data set;
and detecting the characteristic files of the container mirror layer to be detected according to the analysis task of the container mirror layer software and the characteristic file data set of the package manager, and obtaining the container mirror layer software package manager according to a detection result.
Optionally, according to the layer software analysis result, obtaining a software composition analysis result of the container image to be detected, including:
according to the layer sequence of the container mirror image layers to be detected and the layer software analysis results corresponding to the container mirror image layers to be detected, a container mirror image historical software component change list of the container mirror image to be detected is produced;
and displaying the container mirror history software component change list.
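The method steps above (layer hash values, per-layer package manager detection by feature files, and an ordered historical change list) can be illustrated with the following added example, which is not part of the patent text. It assumes that the "layering calculation formula" is the OCI image specification's ChainID formula, which the page does not state; the feature-file paths, all function names and the three sample layers are constructed for illustration.

```python
import hashlib
import io
import posixpath
import tarfile

# Feature files identifying a package manager: path -> (manager, name key, version key).
# Paths, names and the sample layers are assumptions constructed for this example.
FEATURE_FILES = {
    "var/lib/dpkg/status": ("dpkg", "Package", "Version"),
    "lib/apk/db/installed": ("apk", "P", "V"),
}
WHITEOUT = ".wh."  # OCI layer marker: "dir/.wh.name" deletes "dir/name" from lower layers

def make_layer(files):
    """Build an uncompressed layer tar in memory from {path: text}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def chain_ids(layers):
    """Assumed formula: ChainID(0)=DiffID(0); ChainID(n)=sha256(ChainID(n-1)+" "+DiffID(n))."""
    ids = []
    for blob in layers:
        layer_id = "sha256:" + hashlib.sha256(blob).hexdigest()  # DiffID of the tar
        if ids:
            layer_id = "sha256:" + hashlib.sha256(f"{ids[-1]} {layer_id}".encode()).hexdigest()
        ids.append(layer_id)
    return ids

def parse_db(text, name_key, version_key):
    """Parse blank-line-separated 'Key: value' stanzas into {package: version}."""
    packages = {}
    for stanza in text.split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line[0].isspace():  # skip dpkg continuation lines
                fields[key] = value.strip()
        # dpkg keeps removed packages in the file with a non-"installed" status.
        status = (fields.get("Status") or "installed").split()
        if name_key in fields and status[-1] == "installed":
            packages[fields[name_key]] = fields.get(version_key, "?")
    return packages

def analyze_layer(blob):
    """Inspect one layer tar statically; None means the layer touches no package DB."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        for member in tar:
            path = posixpath.normpath(member.name).lstrip("/")
            directory, _, base = path.rpartition("/")
            if base.startswith(WHITEOUT):
                deleted = f"{directory}/{base[len(WHITEOUT):]}"
                if deleted in FEATURE_FILES:  # this layer deletes the package DB
                    return FEATURE_FILES[deleted][0], {}
            elif path in FEATURE_FILES and member.isfile():
                manager, name_key, version_key = FEATURE_FILES[path]
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                return manager, parse_db(text, name_key, version_key)
    return None

def change_history(layers):
    """Walk the layers in order and record what each one adds, removes or changes."""
    history, state = [], {}  # state: manager -> packages after the previous layer
    for chain_id, blob in zip(chain_ids(layers), layers):
        entry = {"chain_id": chain_id, "manager": None, "added": {}, "removed": {}, "changed": {}}
        result = analyze_layer(blob)
        if result is not None:
            manager, new = result
            old = state.get(manager, {})
            entry["manager"] = manager
            entry["added"] = {p: v for p, v in new.items() if p not in old}
            entry["removed"] = {p: v for p, v in old.items() if p not in new}
            entry["changed"] = {p: (old[p], v) for p, v in new.items() if old.get(p, v) != v}
            state[manager] = new
        history.append(entry)
    return history

def dpkg_status(pkgs):
    """Render a constructed dpkg status file from (name, version, status) tuples."""
    return "\n\n".join(f"Package: {n}\nStatus: {s}\nVersion: {v}" for n, v, s in pkgs) + "\n"

OK, GONE = "install ok installed", "deinstall ok config-files"
SAMPLE_LAYERS = [  # constructed three-layer image: base, application files, package update
    make_layer({"var/lib/dpkg/status": dpkg_status([
        ("zlib1g", "1:1.2.13.dfsg-1", OK), ("openssl", "3.0.9-1", OK), ("wget", "1.21.3-1", OK)])}),
    make_layer({"app/main.py": "print('hello')\n"}),
    make_layer({"var/lib/dpkg/status": dpkg_status([
        ("zlib1g", "1:1.2.13.dfsg-1", OK), ("openssl", "3.0.11-1", OK),
        ("wget", "1.21.3-1", GONE), ("curl", "7.88.1-10", OK)])}),
]

if __name__ == "__main__":
    print(*change_history(SAMPLE_LAYERS), sep="\n")
```

On a real image the layer order comes from the image description data, and compressed layer blobs must be decompressed before hashing, because a DiffID is the digest of the uncompressed tar.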
In order to achieve the above object, the present invention further provides an electronic device, which includes a processor and a memory, wherein the memory stores a computer program, and when the computer program is executed by the processor, the method for analyzing the composition of container mirror software according to any one of the above embodiments is implemented.
In order to achieve the above object, the present invention also provides a readable storage medium having stored therein a computer program which, when executed by a processor, implements the container mirroring software composition analysis method of any one of the above.
Compared with the prior art, the container mirror image software composition analysis system, method, electronic equipment and medium based on layered detection provided by the invention have the following advantages:
The invention provides a container mirror image software composition analysis system based on layered detection, which comprises an interaction node and at least one analysis node. The interaction node is configured to obtain a container mirror image layering result of the container mirror image to be detected according to a received container mirror image analysis task, and to send a container mirror image layer software analysis task to the analysis node according to the container mirror image layering result. The analysis node is configured to obtain a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, and to return the layer software analysis result to the interaction node. The interaction node is further configured to obtain the software composition analysis result of the container mirror image to be detected according to the layer software analysis result. The system can therefore receive a user's container mirror image analysis task through the interaction node. Through the cooperation of the interaction node and the analysis node, in particular because the analysis node obtains the layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task and the interaction node obtains the software composition analysis result from it (such as the version, release time, size and supported architecture of the software), the system can provide the historical software composition changes of the whole container mirror image. This gives the user an important reference for avoiding software with potential security risks or software that has not been updated in time, and lays a foundation for improving development efficiency and product security.
Furthermore, the container mirror image software composition analysis system based on layered detection provided by the invention takes the software mirror image layer as the analysis granularity, and this approach of breaking the whole into parts gives the system higher analysis efficiency. Furthermore, the system analyzes a container mirror image statically and does not need to dynamically construct a container instance, so it further improves analysis efficiency while consuming fewer resources (such as memory space). Still further, the user only needs to input the container mirror image analysis task into the system, and the analysis process obtains the layer software analysis result of the container mirror image layer to be detected without human-computer interaction, which makes the system convenient to operate and use.
Because the method, the electronic device and the medium for analyzing the composition of the container mirror image software based on the layered detection provided by the invention belong to the same conception as the system for analyzing the composition of the container mirror image software based on the layered detection provided by the invention, the method, the electronic device and the medium for analyzing the composition of the container mirror image software based on the layered detection provided by the invention have all the advantages of the system for analyzing the composition of the container mirror image software based on the layered detection provided by the invention, and detailed contents refer to the description related to the system for analyzing the composition of the container mirror image software based on the layered detection, and are not repeated here.
Drawings
FIG. 1 is a block diagram of a system for analyzing the composition of container mirror software based on hierarchical detection according to an embodiment of the present invention;
FIG. 2 is a schematic general flow diagram of a method for analyzing the composition of container mirror software based on hierarchical detection according to a second embodiment of the present invention;
FIG. 3 is a schematic block diagram of an electronic device according to a third embodiment of the present invention.
Wherein, the reference numerals are as follows:
interaction node-110, interaction module-111, data processing module-112;
analysis node-120, basic analysis module-121, software analysis module-122;
processor-201, communication interface-202, memory-203, communication bus-204.
Detailed Description
The system, the method, the electronic equipment and the medium for analyzing the composition of the container mirror image software based on the layering detection are further described in detail below with reference to the accompanying drawings. The advantages and features of the present invention will become more apparent from the following description. It should be noted that the drawings are in a very simplified form and are all to a non-precise scale, merely for the purpose of facilitating and clearly aiding in the description of embodiments of the invention. For a better understanding of the invention with objects, features and advantages, refer to the drawings. It should be understood that the structures, proportions, sizes, etc. shown in the drawings are shown only in connection with the present disclosure for the understanding and reading of the present disclosure, and are not intended to limit the scope of the invention, which is defined by the appended claims, and any structural modifications, proportional changes, or dimensional adjustments, which may be made by the present disclosure, should fall within the scope of the present disclosure under the same or similar circumstances as the effects and objectives attained by the present invention. Specific design features of the invention disclosed herein, including for example, specific dimensions, orientations, positions, and configurations, will be determined in part by the specific intended application and use environment. In the embodiments described below, the same reference numerals are used in common between the drawings to denote the same parts or parts having the same functions, and the repetitive description thereof may be omitted. In this specification, like reference numerals and letters are used to designate like items, and thus once an item is defined in one drawing, no further discussion thereof is necessary in subsequent drawings. 
Additionally, if a method described herein comprises a series of steps, the order of the steps presented herein is not necessarily the only order in which they may be performed; some of the described steps may be omitted and/or other steps not described herein may be added to the method.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. The singular forms "a," "an," and "the" include plural referents, the term "or" is generally used in the sense of comprising "and/or" and the term "several" is generally used in the sense of comprising "at least one," the term "at least two" is generally used in the sense of comprising "two or more," and the term "first," "second," "third," are for descriptive purposes only and are not to be construed as indicating or implying any relative importance or number of features indicated.
Particularly, the container mirror image software composition analysis method based on the layered detection provided by the invention can be applied to the container mirror image software composition analysis system based on the layered detection or electronic equipment, and the container mirror image software composition analysis system based on the layered detection provided by the invention can be deployed on the electronic equipment provided by the invention, wherein the electronic equipment can be a personal computer, a mobile terminal and the like, and the mobile terminal can be a mobile phone, a tablet computer and other hardware equipment with various operating systems.
For ease of understanding, specific embodiments of the container mirror image software composition analysis system based on layered detection provided by the invention are described in detail first, followed by the container mirror image software composition analysis method based on layered detection. Because the method and the system belong to the same inventive concept, their basic principles are the same. As the description requires, and to avoid redundancy, some details are described in the embodiments of the system and others in the embodiments of the method; the technical features mentioned in the embodiments of the system can be used in the embodiments of the method, and vice versa. Those skilled in the art will appreciate that this is not a limitation of the present invention.
Example 1
The embodiment provides a container mirror image software composition analysis system based on layering detection. Specifically, referring to fig. 1, a block diagram of a container mirroring software composition analysis system based on hierarchical detection according to the present embodiment is schematically shown. As can be seen from fig. 1, the container mirroring software composition analysis system based on hierarchical detection provided in this embodiment includes an interaction node 110 and at least one analysis node 120. Specifically, the interaction node 110 is configured to obtain a container image layering result of the container image to be detected according to the received container image analysis task; and is configured to send a container mirror layer software analysis task to the analysis node 120 according to the container mirror layering result. The analysis node 120 is configured to obtain a layer software analysis result of the container mirror layer to be detected according to the container mirror layer software analysis task, and return the layer software analysis result to the interaction node 110. The interaction node 110 is further configured to obtain a software composition analysis result of the container image to be detected according to the layer software analysis result.
Therefore, in the container mirror image software composition analysis system based on layered detection provided in this embodiment, the interaction node 110 can receive the user's container mirror image analysis task. Through the cooperation of the interaction node 110 and the analysis node 120, in particular because the analysis node 120 obtains the layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task and the interaction node 110 obtains the software composition analysis result from it (such as the version, release time, size and supported architecture of the software), the system can provide the historical software composition changes of the whole container mirror image. This gives the user an important reference for avoiding software with potential security risks or software that has not been updated in time, and lays a foundation for improving development efficiency and product security. Furthermore, the system takes the software mirror image layer as the analysis granularity, and this approach of breaking the whole into parts gives it higher analysis efficiency. Furthermore, the system analyzes a container mirror image statically and does not need to dynamically construct a container instance, so analysis efficiency is further improved while fewer resources (such as memory space) are consumed.
Still further, the user only needs to input a container mirror image analysis task to the container mirror image software composition analysis system based on layered detection provided by the embodiment, so that a layer software analysis result of a container mirror image layer to be detected can be automatically obtained, and the whole process does not need too much man-machine interaction, thereby being convenient for the user to operate and use.
It should be noted that, as those skilled in the art will understand, the container mirror image software composition analysis system based on layered detection provided by the invention does not limit the number of interaction nodes 110 and analysis nodes 120. In some embodiments there may be one interaction node 110 and one analysis node 120; in other embodiments, one interaction node 110 and two analysis nodes 120; in still other embodiments, one interaction node 110 and three, four or more analysis nodes 120. Preferably, one interaction node 110 and a plurality of analysis nodes 120 are provided. Further, the interaction node 110 and each analysis node 120 can run independently on the same host or on different hosts. Examples of the interaction node 110 and the analysis nodes 120 running on different hosts are as follows. In some embodiments, the interaction node 110 runs on a host and multiple analysis nodes 120 share a host. In other embodiments, the interaction node 110 runs on one host and the analysis nodes 120 each run on their own host. In still other embodiments, the interaction node 110 and some of the analysis nodes 120 run on one host, and the other analysis node or nodes 120 run on one shared host or on different hosts.
With continued reference to FIG. 1, in some exemplary embodiments, the interaction node 110 includes an interaction module 111 and a data processing module 112. Specifically, the interaction module 111 is configured to obtain, according to the received container image analysis task, a container image identifier of the container image to be detected. The data processing module 112 is configured to obtain, according to the container image identifier, container image description data of the container image to be detected, and obtain, according to the container image description data, the container image layering result; and is configured to send the container mirror layer software analysis task to the analysis node 120 according to the container mirror layering result. Therefore, the analysis system is composed of the container mirror image software based on layered detection, the interaction node 110 includes the interaction module 111 and the data processing module 112, the interaction module 111 can receive the container mirror image analysis task input by the user, and obtain the container mirror image identifier of the container mirror image to be detected, so that the data processing module 112 can obtain the container mirror image layering result of the container mirror image to be detected according to the container mirror image identifier, and the data processing module 112 issues the container mirror image layer software analysis task to the analysis node 120, thereby laying a foundation for layered detection with the container mirror image layer as granularity.
For example, in some of these embodiments, the container image analysis task may include the name of the container image to be detected. In other words, when the user uses the container mirror image software composition analysis system based on layered detection provided by the invention, only the name of the container mirror image to be detected is provided. In other embodiments, the container image analysis task may include a container image id of the container image to be detected. The specific content for identifying the container image to be detected in the container image analysis task is not limited, and the specific content only needs to include information capable of identifying the container image to be detected. Correspondingly, as will be appreciated by those skilled in the art, the container image identification herein includes a container image name, a container image id, and/or a container image hash value, among other things, that may be used to uniquely represent a container image. In some preferred embodiments the container image name may be used as the container image identifier.
Specifically, the interaction node 110 may uniquely obtain, according to the container image identifier, a container image description file corresponding to the container image to be detected through an execution engine of the container image, where the container image description file includes a hierarchical hash value of the container image. The interaction node 110 can calculate and obtain the layered content of the container mirror image to be detected and the specific storage positions of each container mirror image layer by substituting the obtained container mirror image layered hash value into a layered calculation formula provided by the container engine.
More specifically, in connection with the foregoing, one skilled in the art will appreciate that a container mirror image may include one or more container mirror layers. Therefore, in the container mirror image software composition analysis system based on layered detection provided in this embodiment, after the container mirror image analysis task is processed by the interaction node 110, it is decomposed into as many container mirror image layer software analysis tasks as the container mirror image to be detected has mirror image layers. The interaction node 110 (essentially the data processing module 112) issues these container mirror layer software analysis tasks to one or more analysis nodes 120. For example, for a container image to be detected having 3 container image layers, the interaction node 110 may issue the 3 container image layer software analysis tasks (in this example, the container image layering result can be understood as 3 container image layer software analysis tasks) to the same analysis node 120, to two different analysis nodes 120, or to three different analysis nodes 120. The invention is not limited in this regard. Further, where there is only one analysis node 120, in some embodiments the interaction node 110 may issue the container mirror layer software analysis tasks one by one, that is, issue the task for the next container mirror layer only after the layer software analysis result for the previous container mirror layer has been returned; in other embodiments, the 3 container mirror layer software analysis tasks may be issued to the analysis node 120 simultaneously, and the analysis node 120 determines the detection order of the container mirror layers.
Correspondingly, each container mirror layer software analysis task may include the specific storage path of the container mirror layer to be detected (as those skilled in the art will understand, a container mirror image is a packaged virtual environment that is ultimately stored as files on a computer, and different mirror image layers are typically stored separately).
With continued reference to FIG. 1, in some exemplary embodiments, the analysis node 120 includes a base analysis module 121 and a software analysis module 122. Specifically, the base analysis module 121 is configured to obtain the file system and the software package manager of the container image layer to be detected according to the container image layer software analysis task, the reference file system and the reference software package manager. The software analysis module 122 is configured to obtain a layer software analysis result of the container mirror layer to be detected according to the container mirror layer software analysis task, the file system and the software package manager, and to transmit the layer software analysis result to the interaction node 110. The base analysis module 121 thus lays the foundation for the software analysis module 122, which relies on the file system and the software package manager of the container mirror layer to be detected to obtain the layer software analysis result. In addition, this modular design improves the development efficiency of the container mirror image software composition analysis system based on layered detection provided in this embodiment and reduces its maintenance cost, so that time and labor costs are low.
Specifically, the present invention is not limited to the layer software analysis result obtained by the analysis node 120, and the layer software analysis result includes, but is not limited to, a version of the software, a release time, a size of the software, and an adaptive architecture of the container image layer to be detected. Correspondingly, the analysis results of the software composition of the to-be-detected container image obtained by the interaction node 110 include, but are not limited to, the version, the release time, the software size, the adaptation structure and other information of the software of all container image layers of the to-be-detected container image, which can embody the historical software component change of the whole container image.
For a more detailed description of the layer software analysis result of the container mirror layer to be detected, please refer to the related description of the container mirror image software composition analysis method based on layered detection provided by the present invention; to avoid redundancy, it is not expanded here.
Example II
The embodiment provides a container mirror image software composition analysis method based on layering detection. Specifically, referring to fig. 2, fig. 2 schematically shows an overall flow chart of the method for analyzing the composition of container mirror software based on hierarchical detection according to the present embodiment. As can be seen from fig. 2, the method for analyzing the composition of container mirror software based on layered detection provided in this embodiment includes the following steps:
S100: according to the received container mirror image analysis task, obtaining a container mirror image layering result of the container mirror image to be detected so as to obtain a container mirror image layer software analysis task;
S200: according to the container mirror image layer software analysis task, acquiring a layer software analysis result of a container mirror image layer to be detected;
S300: obtaining a software composition analysis result of the container mirror image to be detected according to the layer software analysis result.
Therefore, the method for analyzing the composition of the container mirror image software based on layered detection provided by this embodiment can acquire the layer software analysis result of the container mirror image layer to be detected according to the received container mirror image analysis task, and from it the software composition analysis result (such as the version, release time, size and adaptive architecture of software) of the container mirror image to be detected. It can thus provide the historical software composition change of the whole container mirror image, which gives users an important reference for avoiding software with potential safety hazards and software that has not been updated in time, and lays a foundation for improving the development efficiency and safety of products. In addition, since this method and the container mirror image software composition analysis system based on layered detection provided by the invention belong to the same inventive concept, for further advantages of the method please refer to the description of the advantages of the system; they are not repeated here.
Specifically, as one of the preferred embodiments, step S100 and step S300 may be performed by the interaction node 110 of the hierarchical detection based container mirroring software composition analysis system provided in the above examples; step S200 may be performed by the analysis node 120 of the hierarchical detection-based container mirror software composition analysis system provided in the above embodiments, where it is obvious that before the interaction node 110 performs step S100, it is further required to receive a container mirror analysis task provided by a user, and before performing step S300, it is further required to receive a layer software analysis result of a container mirror layer to be detected provided by the analysis node 120; before the analysis node 120 executes step S200, it is further required to receive the container mirror layer software analysis task provided by the interaction node 110, and after executing step S200, it is further required to send the obtained layer software analysis result of the container mirror layer to be detected to the interaction node 110. It should be noted that this is merely a description of the preferred embodiments and is not a limitation of the present invention, as will be appreciated by those skilled in the art. In particular, the system provided by the invention and its individual devices, modules, units can be implemented entirely by logic programming the method steps, in addition to being implemented in pure computer readable program code, in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. 
Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units for realizing various functions included in the system can also be regarded as structures in the hardware component; means, modules, and units for implementing the various functions may also be considered as either software modules for implementing the methods or structures within hardware components.
Preferably, in some exemplary embodiments, the step S100 of obtaining a container image layering result of the container image to be detected according to the received container image analysis task specifically includes:
S110: acquiring a container mirror image identification of the container mirror image to be detected according to the container mirror image analysis task;
S120: acquiring container mirror image description data corresponding to the container mirror image to be detected according to the container mirror image identification;
S130: acquiring a container mirror hierarchical hash value according to the container mirror description data;
S140: obtaining a container mirror image layering result of the container mirror image to be detected according to the container mirror image layering hash value and a layering calculation formula obtained from a container engine of the container mirror image to be detected.
For more details regarding steps S110 to S140, please refer to the description of the interaction module 111 and the data processing module 112 of the container mirror image software composition analysis system based on layered detection provided in the above embodiment; for reasons of space, they are not repeated here.
Preferably, in some exemplary embodiments, step S200 of obtaining a layer software analysis result of the container mirror layer to be detected according to the container mirror layer software analysis task specifically includes:
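Steps S130 and S140 on a concrete engine, as an added example that is not code from the patent: it assumes the layering calculation formula is the OCI image specification's ChainID, and that the engine is Docker with the overlay2 storage driver and its default data root. The function names, the `layerdb_root` default and the sample configuration are constructed for illustration.

```python
import hashlib
import json

def digest_of(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

# Constructed image configuration (the "container mirror image description
# data"). The diff_ids are digests of made-up strings, not of a real image.
SAMPLE_CONFIG = json.dumps({
    "architecture": "amd64",
    "os": "linux",
    "rootfs": {"type": "layers",
               "diff_ids": [digest_of(b"base-os-layer"),
                            digest_of(b"package-install-layer"),
                            digest_of(b"app-copy-layer")]},
})

def chain_ids(diff_ids):
    """OCI ChainID: ChainID(L0) = DiffID(L0);
    ChainID(Ln) = sha256(ChainID(Ln-1) + " " + DiffID(Ln))."""
    chain = []
    for diff_id in diff_ids:
        # Reject anything that is not a full sha256 digest before hashing it in.
        if not diff_id.startswith("sha256:") or len(diff_id) != 71:
            raise ValueError(f"unexpected diff_id: {diff_id!r}")
        if not chain:
            chain.append(diff_id)
        else:
            joined = f"{chain[-1]} {diff_id}".encode()
            chain.append("sha256:" + hashlib.sha256(joined).hexdigest())
    return chain

def layer_tasks(config_json,
                layerdb_root="/var/lib/docker/image/overlay2/layerdb"):
    """Split one image analysis task into one task per layer (step S100)."""
    diff_ids = json.loads(config_json)["rootfs"]["diff_ids"]
    tasks = []
    for index, (diff_id, chain_id) in enumerate(zip(diff_ids, chain_ids(diff_ids))):
        hex_part = chain_id.split(":", 1)[1]
        tasks.append({
            "layer_index": index,
            "diff_id": diff_id,
            "chain_id": chain_id,
            # Docker writes the layer's on-disk directory name into this file.
            "cache_id_file": f"{layerdb_root}/sha256/{hex_part}/cache-id",
        })
    return tasks

if __name__ == "__main__":
    for task in layer_tasks(SAMPLE_CONFIG):
        print(task["layer_index"], task["cache_id_file"])
```

Because each ChainID hashes in the one before it, the same layer content stacked on a different base resolves to a different storage location, so the tasks must be derived in layer order.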
S210: acquiring a container mirror layer file system and a container mirror layer software package manager of the container mirror layer to be detected according to the container mirror layer software analysis task;
S220: obtaining a layer software analysis result of the container mirror layer to be detected according to the container mirror layer file system and the container mirror layer software package manager.
In the container mirror image software composition analysis method based on layered detection, different container mirror images may use different file systems, and file system differences can cause version differences in software components. The container mirror image layer file system of the container mirror image layer to be detected is therefore determined first, which lays a foundation for obtaining a correct layer software analysis result. Because the software in a container mirror layer may be managed by different package managers, the container mirror layer software package manager is determined as well, which provides the other necessary condition for obtaining the correct layer software analysis result.
Preferably, in some exemplary embodiments, step S210 of acquiring the container mirror layer file system and the container mirror layer software package manager of the container mirror layer to be detected according to the container mirror layer software analysis task is carried out as follows. Specifically, the container image layer file system is acquired through steps S211 to S213, and the container image layer package manager is acquired through steps S214 to S215.
S211: acquiring a reference file system characteristic value dataset;
S212: acquiring a file system characteristic value of the container mirror layer file system according to the analysis task of the container mirror layer software;
S213: matching the file system characteristic values of the container mirror image layer file system with the reference file system characteristic value data set one by one, and obtaining the container mirror image layer file system according to a matching result;
S214: acquiring a reference software package manager characteristic file data set;
S215: detecting the characteristic files of the container mirror layer to be detected according to the analysis task of the container mirror layer software and the characteristic file data set of the package manager, and obtaining the container mirror layer software package manager according to a detection result.
Therefore, in the container mirror image software composition analysis method based on layered detection provided in this embodiment, the container mirror layer file system and the container mirror layer software package manager of the container mirror layer to be detected can be obtained from the container mirror layer software analysis task by relying on two facts: different file systems have different characteristic values, and different package managers, which contain different software, have different characteristic files; both the characteristic values and the characteristic files can be queried publicly. This lays a foundation for efficiently obtaining a correct layer software analysis result.
In particular, different container images may use different file systems, and differences in file systems may result in differences in versions of software components, so the specific file system has to be located before the software components can be analyzed. More specifically, different file systems have different characteristic values, and these characteristic values are publicly queriable; the analysis node 120 matches them one by one against the file system characteristic values of the container mirror image layer, and obtains the file system used according to the mapping relation. Further, different package managers contain different software and have different characteristic files, which are likewise publicly queriable; the characteristic files are matched one by one against the container mirror image layer data, and the package manager used is obtained according to the mapping relation.
It should be noted that, as those skilled in the art will understand, the specific manner of acquiring the reference file system characteristic value data set in step S211 and the reference software package manager characteristic file data set in step S214 is not limited. In some embodiments, the two data sets may be read directly from the memory 203, where they are pre-stored, and may be updated according to related information issued by the provider of the container image in order to ensure security and reliability; in other embodiments, they may be crawled in real time from the website or other published information channel on which the provider of the container image publishes the file systems the image supports and the package managers it uses. The invention is not limited in this regard.
In particular, the reference file system characteristic value data set herein covers the file systems that may be used by the container image to be detected; in other words, it can be understood as the set of data (i.e., file system characteristic values) of the file systems that the container image to be detected may employ. For example, the reference file system characteristic value data set may include the characteristic values of 3 file systems F1, F2 and F3, and the file system of the container image to be detected may be file system F2; by comparing the characteristic value of the file system of the container image layer to be detected with the characteristic values of F1, F2 and F3 in the reference data set one by one, the file system of the container image layer to be detected is determined to be F2. The principle of obtaining the container mirror layer package manager from the reference package manager characteristic file data set is similar (except that the data in that data set are characteristic files rather than characteristic values) and is not described again here.
Preferably, in some preferred embodiments, step S220 of obtaining a layer software analysis result of the container image layer to be detected according to the container image layer file system and the container image layer package manager includes:
S221: combining the container mirror layer software package manager with the container mirror layer file system one by one, and inquiring to obtain a database used by the container mirror layer software package manager;
S222: reading the database according to the parsing rule and/or the decryption rule of the database;
S223: obtaining a layer software analysis result of the container mirror image layer to be detected according to the result of reading the database.
Therefore, once the file system information and all the package managers have been obtained, and because each package manager records data about its software components in its own database, the database used by each package manager can be located, and the software composition of the container mirror layer is obtained by parsing or decrypting that database.
It should be noted that a container mirror layer to be detected may have no container mirror layer package manager, exactly one, or several. For a container mirror layer to be detected that has no container mirror layer software package manager, the software composition result obtained for that layer is empty (that is, the layer carries no information about historical software component changes); for a layer with one or more container mirror layer software package managers, the layer software analysis result can be obtained through steps S221 to S223.
Preferably, in some embodiments, step S300 of obtaining a software composition analysis result of the container image to be detected according to the layer software analysis result specifically includes:
S310: according to the layer sequence of the container mirror image layers to be detected and the layer software analysis results corresponding to the container mirror image layers to be detected, producing a container mirror image historical software component change list of the container mirror image to be detected;
S320: displaying the container mirror image historical software component change list.
Therefore, according to the method for analyzing the composition of the container mirror image software based on layered detection, firstly, according to the layer sequence of the container mirror image layer to be detected and the layer software analysis results corresponding to each container mirror image layer to be detected, a container mirror image historical software component change list of the container mirror image to be detected is manufactured, and then the container mirror image historical software component change list is displayed, so that the historical software component change of the whole container mirror image can be provided, and an important reference basis can be provided for avoiding the use of software with potential safety hazards or not updating the software in time by a user, and further, a foundation is laid for improving the development efficiency and the safety of products.
It should be noted that, as those skilled in the art will appreciate, the present invention is not limited to the manner of displaying the container image history software component change list, and may be displayed in a file manner or may be displayed in a visual manner, for example.
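Steps S214 to S215, S221 to S223 and S310 carried through on a small constructed image, as an added example that is not code from the patent. The patent names no specific package manager; the two characteristic files used here (dpkg's `var/lib/dpkg/status` and apk's `lib/apk/db/installed`), the function names, and the three in-memory sample layers with their package versions are assumptions of this example.

```python
import io
import tarfile

# Characteristic file of each package manager (S214): path in layer -> manager.
FEATURE_FILES = {"var/lib/dpkg/status": "dpkg", "lib/apk/db/installed": "apk"}

def make_layer(files):
    """Build a constructed layer tarball in memory from {path: text}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def parse_dpkg(text):
    """dpkg status file: blank-line separated stanzas of 'Field: value'."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines()
                      if ": " in line and not line.startswith(" "))
        # Entries left behind by a removal are not "install ok installed".
        if "Package" in fields and fields.get("Status", "").endswith(" installed"):
            pkgs[fields["Package"]] = (fields.get("Version"), fields.get("Architecture"))
    return pkgs

def parse_apk(text):
    """apk installed database: blank-line separated records of 'K:value'."""
    pkgs = {}
    for record in text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in record.splitlines() if ":" in line)
        if "P" in fields:
            pkgs[fields["P"]] = (fields.get("V"), fields.get("A"))
    return pkgs

PARSERS = {"dpkg": parse_dpkg, "apk": parse_apk}

def analyze_layer(layer_bytes):
    """S215 + S221..S223 for one layer: find characteristic files, parse them."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as tar:
        for member in tar.getmembers():
            name = member.name[2:] if member.name.startswith("./") else member.name
            manager = FEATURE_FILES.get(name)
            if manager and member.isfile():
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                found[manager] = PARSERS[manager](text)
    return found  # empty when the layer touches no package database

def change_list(layers):
    """S310: walk the layers in order and diff each package database against
    the last state seen for the same package manager."""
    state, history = {}, []
    for index, layer in enumerate(layers):
        entry = {"layer": index, "changes": []}
        for manager, pkgs in sorted(analyze_layer(layer).items()):
            before = state.get(manager, {})
            for name in sorted(set(before) | set(pkgs)):
                old, new = before.get(name), pkgs.get(name)
                if old == new:
                    continue
                kind = "added" if old is None else "removed" if new is None else "changed"
                entry["changes"].append((manager, kind, name,
                                         old and old[0], new and new[0]))
            state[manager] = pkgs
        history.append(entry)
    return history

def stanza(name, version, status="install ok installed"):
    return (f"Package: {name}\nStatus: {status}\n"
            f"Architecture: amd64\nVersion: {version}\n")

# Constructed three-layer image: base packages, an application-only layer,
# then a layer that upgrades, adds and removes packages.
SAMPLE_LAYERS = [
    make_layer({"var/lib/dpkg/status": "\n".join([
        stanza("bash", "5.0-1"), stanza("openssl", "1.0-1"), stanza("telnet", "0.17-1")])}),
    make_layer({"app/server.py": "print('hello')\n"}),
    make_layer({"var/lib/dpkg/status": "\n".join([
        stanza("bash", "5.0-1"), stanza("openssl", "1.1-1"), stanza("curl", "7.0-1"),
        stanza("telnet", "0.17-1", "deinstall ok config-files")])}),
]

if __name__ == "__main__":
    for entry in change_list(SAMPLE_LAYERS):
        print(entry["layer"], entry["changes"])
```

A layer that rewrites a package database carries the whole file, so each database found is the full package state after that layer; the middle layer, which has no characteristic file, yields the empty result described above.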
Example III
The embodiment provides an electronic device, please refer to fig. 3, which schematically illustrates a block structure of the electronic device according to an embodiment of the present invention. As shown in fig. 3, the electronic device includes a processor 201 and a memory 203, and the memory 203 stores a computer program, which when executed by the processor 201, implements the container mirroring software composition analysis method described above. Since the electronic device provided in this embodiment and the method for analyzing the composition of the container mirror software provided in the foregoing embodiments belong to the same inventive concept, the electronic device provided in this embodiment should at least have all the advantages of the method for analyzing the composition of the container mirror software provided in the foregoing embodiments, and will not be described in detail herein, but for more details, reference is made to the description related to the method for analyzing the composition of the container mirror software based on layered detection.
As shown in fig. 3, the electronic device further comprises a communication interface 202 and a communication bus 204, wherein the processor 201, the communication interface 202, and the memory 203 communicate with each other via the communication bus 204. The communication bus 204 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The communication bus 204 may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one bold line is shown in the figure, but this does not mean that there is only one bus or one type of bus. The communication interface 202 is used for communication between the electronic device and other devices.
The processor 201 in the present invention may be a central processing unit (Central Processing Unit, CPU), another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The processor 201 is the control center of the electronic device and connects the various parts of the entire electronic device using various interfaces and lines.
The memory 203 may be used to store the computer program, and the processor 201 implements various functions of the electronic device by running or executing the computer program stored in the memory 203 and invoking data stored in the memory 203.
The memory 203 may include non-volatile and/or volatile memory. The non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
Example IV
The present embodiment provides a readable storage medium having stored therein a computer program which, when executed by a processor, can implement the container mirroring software composition analysis method described above. Since the storage medium provided in this embodiment and the method for analyzing the composition of the container mirror software provided in the foregoing embodiments belong to the same inventive concept, the storage medium provided in this embodiment should at least have all the advantages of the method for analyzing the composition of the container mirror software provided in the foregoing embodiments, and will not be described in detail herein.
The readable storage media of embodiments of the present invention may take the form of any combination of one or more computer-readable media. The readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer hard disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk or C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
In summary, compared with the prior art, the system, the method, the electronic equipment and the medium for analyzing the composition of the container mirror image software based on layered detection have the following advantages:
The invention provides a container mirror image software composition analysis system based on layered detection, which comprises an interaction node and at least one analysis node. The interaction node is configured to acquire a container mirror image layering result of a container mirror image to be detected according to a received container mirror image analysis task, and to send a container mirror image layer software analysis task to the analysis node according to the container mirror image layering result. The analysis node is configured to acquire a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, and to return the layer software analysis result to the interaction node. The interaction node is further configured to obtain the software composition analysis result of the container mirror image to be detected according to the layer software analysis result. The system can therefore receive the user's container mirror image analysis task through the interaction node; the analysis node acquires the layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, and the interaction node obtains the software composition analysis result (such as the version, release time, software size, adaptation framework and the like of the software). The system can also provide the historical software composition changes of the whole container mirror image, giving the user an important reference for avoiding software with potential security risks or software that has not been updated in time, and laying a foundation for improving development efficiency and product security.
Furthermore, the container mirror image software composition analysis system based on layered detection provided by the invention takes the container mirror image layer as the analysis granularity, and this approach of breaking the whole image down into its layers also gives the system higher analysis efficiency. In addition, the system can statically analyze a container mirror image without dynamically constructing a container mirror image instance, which further improves analysis efficiency while consuming fewer resources (such as memory space). Still further, the user only needs to input the container mirror image analysis task into the system, and the analysis process acquires the layer software analysis result of the container mirror image layer to be detected without human-computer interaction, which makes the system convenient to operate and use.
Because the method, the electronic device and the medium for container mirror image software composition analysis based on layered detection provided by the invention belong to the same inventive concept as the system provided by the invention, they have all the advantages of that system. For details, refer to the description of the system, which is not repeated here.
It should be noted that the apparatus and methods disclosed in the embodiments herein may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments herein. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments herein may be integrated together to form a single part, or the modules may exist alone, or two or more modules may be integrated to form a single part.
The above description is only illustrative of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention, and any alterations and modifications made by those skilled in the art based on the above disclosure shall fall within the scope of the present invention. It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, the present invention is intended to include such modifications and alterations insofar as they come within the scope of the invention or the equivalents thereof.

Claims (10)

1. The container mirror image software composition analysis system based on layered detection is characterized by comprising an interaction node and at least one analysis node;
the interaction node is configured to acquire a container mirror image layering result of the container mirror image to be detected according to the received container mirror image analysis task, and to send a container mirror image layer software analysis task to the analysis node according to the container mirror image layering result;
the analysis node is configured to acquire a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, and return the layer software analysis result to the interaction node;
and the interaction node is also used for obtaining the software composition analysis result of the container mirror image to be detected according to the layer software analysis result.
2. The container mirror image software composition analysis system of claim 1, wherein the interaction node comprises an interaction module and a data processing module;
the interaction module is configured to acquire a container mirror image identification of the container mirror image to be detected according to the received container mirror image analysis task;
the data processing module is configured to acquire container mirror image description data of the container mirror image to be detected according to the container mirror image identification, to acquire the container mirror image layering result according to the container mirror image description data, and to send the container mirror image layer software analysis task to the analysis node according to the container mirror image layering result.
3. The container mirror image software composition analysis system of claim 1, wherein the analysis node comprises a basic analysis module and a software analysis module;
the basic analysis module is configured to acquire a file system and a software package manager of the container mirror image layer to be detected according to the container mirror image layer software analysis task, a reference file system and a reference software package manager;
the software analysis module is configured to obtain a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task, the file system and the software package manager, and to send the layer software analysis result to the interaction node.
4. The method for analyzing the composition of the container mirror image software based on layered detection is characterized by comprising the following steps:
according to the received container mirror image analysis task, obtaining a container mirror image layering result of the container mirror image to be detected so as to obtain a container mirror image layer software analysis task;
according to the container mirror image layer software analysis task, acquiring a layer software analysis result of a container mirror image layer to be detected;
and obtaining a software composition analysis result of the container mirror image to be detected according to the layer software analysis result.
5. The method for analyzing the composition of container mirror image software according to claim 4, wherein obtaining a container mirror image layering result of the container mirror image to be detected according to the received container mirror image analysis task comprises the steps of:
receiving the container mirror image analysis task;
acquiring a container mirror image identification of the container mirror image to be detected according to the container mirror image analysis task;
acquiring container mirror image description data corresponding to the container mirror image to be detected according to the container mirror image identification;
acquiring a container mirror image layering hash value according to the container mirror image description data;
and obtaining a container mirror image layering result of the container mirror image to be detected according to the container mirror image layering hash value and a layering calculation formula obtained from a container engine of the container mirror image to be detected.
6. The method for analyzing the composition of container mirror image software according to claim 4, wherein obtaining the layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer software analysis task comprises the steps of:
acquiring a container mirror image layer file system and a container mirror image layer software package manager of the container mirror image layer to be detected according to the container mirror image layer software analysis task;
and obtaining a layer software analysis result of the container mirror image layer to be detected according to the container mirror image layer file system and the container mirror image layer software package manager.
7. The method for analyzing the composition of container mirror image software according to claim 6, wherein acquiring the container mirror image layer file system and the container mirror image layer software package manager of the container mirror image layer to be detected according to the container mirror image layer software analysis task comprises:
acquiring a reference file system characteristic value data set;
acquiring a file system characteristic value of the container mirror image layer file system according to the container mirror image layer software analysis task;
matching the file system characteristic value of the container mirror image layer file system against the reference file system characteristic value data set one by one, and obtaining the container mirror image layer file system according to the matching result;
acquiring a reference software package manager characteristic file data set;
and detecting the characteristic files of the container mirror image layer to be detected according to the container mirror image layer software analysis task and the reference software package manager characteristic file data set, and obtaining the container mirror image layer software package manager according to the detection result.
8. The method for analyzing the composition of container mirror image software according to claim 4, wherein obtaining the software composition analysis result of the container mirror image to be detected according to the layer software analysis result comprises:
producing a container mirror image historical software component change list of the container mirror image to be detected according to the layer order of the container mirror image layers to be detected and the layer software analysis results corresponding to those layers;
and displaying the container mirror image historical software component change list.
9. An electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements the container mirror image software composition analysis method of any one of claims 4 to 8.
10. A readable storage medium, wherein a computer program is stored in the readable storage medium, which when executed by a processor, implements the container mirror image software composition analysis method according to any one of claims 4 to 8.
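The per-layer steps of claims 6 to 8, as an added Python example that is not code from the patent: each layer tarball is checked for a package manager characteristic file, its package database is parsed, and the results are compared in layer order to build the historical change list. The characteristic file paths (dpkg and apk), the function names and the sample layers are assumptions constructed for this example.

```python
import io
import posixpath
import tarfile

# Assumed characteristic files: path inside a layer -> package manager.
FEATURE_FILES = {"var/lib/dpkg/status": "dpkg", "lib/apk/db/installed": "apk"}

def _stanzas(text, sep):
    """Yield each blank-line-separated record as a {field: value} dict."""
    for block in text.split("\n\n"):
        yield dict(line.split(sep, 1) for line in block.splitlines()
                   if sep in line and not line.startswith(" "))

def parse_db(manager, text):
    """Return {package: version} for the packages recorded as installed."""
    if manager == "dpkg":
        return {f["Package"]: f["Version"] for f in _stanzas(text, ": ")
                if {"Package", "Version"} <= f.keys()
                and f.get("Status", "").endswith(" installed")}
    return {f["P"]: f["V"] for f in _stanzas(text, ":") if {"P", "V"} <= f.keys()}

def analyze_layer(layer_bytes):
    """Detect a layer's package manager and packages; (None, None) if untouched."""
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as tar:
        for member in tar:
            path = posixpath.normpath(member.name).lstrip("/")
            manager = FEATURE_FILES.get(path)
            if manager and member.isfile():
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                return manager, parse_db(manager, text)
    return None, None

def change_history(layers):
    """Walk layers base-first and list what each one adds, removes or changes."""
    history, state = [], {}
    for index, layer in enumerate(layers):
        manager, pkgs = analyze_layer(layer)
        pkgs = state if pkgs is None else pkgs  # database not rewritten here
        history.append({
            "layer": index,
            "manager": manager,
            "added": {p: v for p, v in pkgs.items() if p not in state},
            "removed": sorted(p for p in state if p not in pkgs),
            "changed": {p: (state[p], v) for p, v in pkgs.items()
                        if p in state and state[p] != v},
        })
        state = pkgs
    return history

def make_layer(files):
    """Build an in-memory layer tarball from {path: text} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def dpkg_layer(*entries):
    """Constructed layer whose dpkg status lists (name, version, status)."""
    status = "\n".join(f"Package: {n}\nStatus: {s}\nVersion: {v}\n"
                       for n, v, s in entries)
    return make_layer({"var/lib/dpkg/status": status})

OK, GONE = "install ok installed", "deinstall ok config-files"
SAMPLE_LAYERS = [  # constructed four-layer image, base layer first
    dpkg_layer(("libssl3", "3.0.11-1", OK), ("zlib1g", "1.2.13", OK)),
    make_layer({"app/server.py": "print('hello')\n"}),
    dpkg_layer(("libssl3", "3.0.13-1", OK), ("zlib1g", "1.2.13", OK),
               ("curl", "7.88.1-10", OK)),
    dpkg_layer(("libssl3", "3.0.13-1", OK), ("zlib1g", "1.2.13", OK),
               ("curl", "7.88.1-10", GONE)),
]
```

A layer that deletes the package database through an overlay whiteout entry is not handled in this example.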
CN202311318935.XA 2023-10-11 2023-10-11 Container mirror image software composition analysis system and method based on layered detection Pending CN117311905A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311318935.XA CN117311905A (en) 2023-10-11 2023-10-11 Container mirror image software composition analysis system and method based on layered detection

Publications (1)

Publication Number Publication Date
CN117311905A (en) 2023-12-29

Family

ID=89236991

Country Status (1)

Country Link
CN (1) CN117311905A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination