CN109918911A - A kind of scan method and equipment of mirror image installation package informatin - Google Patents
A kind of scan method and equipment of mirror image installation package informatin Download PDFInfo
- Publication number
- CN109918911A CN109918911A CN201910207653.XA CN201910207653A CN109918911A CN 109918911 A CN109918911 A CN 109918911A CN 201910207653 A CN201910207653 A CN 201910207653A CN 109918911 A CN109918911 A CN 109918911A
- Authority
- CN
- China
- Prior art keywords
- mirror image
- file
- image
- repo
- installation package
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The present invention provides a kind of scan methods of mirror image installation package informatin, include the following steps: repo:tag list present in designated mirror warehouse;Mirror image in repo:tag list is traversed.Wherein, described the step of traversing to mirror image in repo:tag list includes: downloading mirror image manifest file corresponding with repo:tag list to locally;Parse mirror image manifest file;Check manifest file;Download image file;The data of image file are scanned.The present invention is avoided the multiple scanning and repeated downloads of mirror image, is improved the scan efficiency of mirror image installation kit, reduce network flow by the verification to related mirror image manifest file.
Description
Technical field:
The present invention relates to field of computer technology, specifically, being related to a kind of mirror image installation kit information scanning method and apparatus.
Background technique:
So far from publication in 2013, Docker has been increasingly becoming the open source application container engine of current most mainstream, allows exploitation
Person can be packaged their application and rely on packet into a transplantable container, then be published to the Linux of any prevalence
On machine, to realize the primary purpose for creating, arbitrarily running.Docker, which additionally provides docker hub, to allow user to upload
The mirror image of creation so as to other users downloading, fast construction environment, but also brings some safety problems simultaneously: transporting in container
Under row environment, all service routines are packaged into container mirror image, as mirror image packet is issued together, due to mirror image packing and issuing
There is nonstandard operation in the process, illegal installation kit loading source causes mirror image to introduce loophole, primary early in 2015
In investigation, researcher just it has been found that sampling Dockerhub on the presence of 30%-40% mirror image safety the problem of.In this way
It just needs to provide a kind of mechanism to scan and find various risks (CVE) present in mirror image installation kit, since mirror image installation kit exists
The status of information source is in during CICD (continuous integrating/publication), it is therefore desirable to the diffusion controlled risk from source.
Clair is currently used mirror image scanning tools, main modular be divided into Detector, Fetcher, Notifier and
Webhook carries out the extraction of feature, then again by these characteristic matchings CVE vulnerability database, if finding loophole to mirror image first
It is prompted and is repaired.However, Clair be not directed to the access order of local mirror image feature optimization layer, data downloading mode,
Decompressing method causes CPU, memory, network performance consumption huge, and scanning speed is slow.
In view of this, proposing the present invention.
Summary of the invention:
In view of this, the purpose of the present invention is to provide the scan methods and equipment of a kind of mirror image installation package informatin, with solution
Technical problem at least one of certainly in the prior art.
Specifically, the first aspect of the present invention, provides a kind of scan method of mirror image installation package informatin, including walk as follows
It is rapid:
Repo:tag list present in designated mirror warehouse;
Mirror image in repo:tag list is traversed;
Wherein, described the step of traversing to mirror image in repo:tag list, includes:
Mirror image manifest file corresponding with repo:tag list is downloaded to locally;
Parse mirror image manifest file;
Check manifest file;
Download image file;
The data of image file are scanned.
By adopting the above technical scheme, the multiple scanning and repeated downloads for avoiding mirror image, improve sweeping for mirror image installation kit
Efficiency is retouched, network flow is reduced.
Preferably, pass through repo:tag list present in API designated mirror warehouse.
Preferably, mirror image manifest file corresponding with repo:tag list is downloaded to locally by API.
Preferably, mirror image manifest file storage is in local CACHE DIRECTORY.
Preferably, the step of parsing mirror image manifest file includes:
Parse mirror image manifest file;
Obtain the id list of Image Planes;
Sequence group stratification chained list;
Judge in layer chained list whether to be multilayer,
If it has, then it is downloaded image file step,
If it has not, then executing the security sweep to not scanned mirror image, that is, download another in repo:tag list
Corresponding mirror image manifest file is to locally.
Preferably, the step of verification manifest file includes:
Judge that the installation package informatin record of layer whether there is in cache database,
If it is, obtaining the installation package informatin of layer from cache database, and execute the safety to not scanned mirror image
Scanning, i.e. another corresponding mirror image manifest file in downloading repo:tag list to local,
If it has not, then downloading image file.
Preferably, the step of downloading image file includes:
The compressed package of Image Planes is downloaded to locally;
Judge whether to download successfully,
If it has not, then continue the compressed package of downloading Image Planes,
If it has, then being decompressed to compressed package.
Determine it is furthermore preferred that downloading unsuccessful number to the compressed package of Image Planes,
If unsuccessful number is more than 3 times, the security sweep to not scanned mirror image is executed, i.e. downloading repo:tag column
Another corresponding mirror image manifest file in table to local,
If unsuccessful number is less than 3 times, continue the compressed package for downloading Image Planes.
It is furthermore preferred that the compressed package of the Image Planes is saved in local temp directory.
It is furthermore preferred that described the step of decompressing to compressed package, includes:
Judge that the specified file being extracted whether there is,
If it has, then the file after decompression is scanned,
If it has not, then executing the security sweep to not scanned mirror image, that is, download another in repo:tag list
Corresponding mirror image manifest file is to locally.
Preferably, the step of data to image file are scanned include:
File after progressive scan decompression,
Execute the security sweep to not scanned mirror image, i.e. another corresponding mirror image in downloading repo:tag list
Manifest file is to locally.
Preferably, after being scanned to the data of image file, before executing to the security sweep of not scanned mirror image,
Further include following steps:
The installation package informatin of layer is obtained,
The installation package informatin of layer is stored in cache database.
By adopting the above technical scheme, by updating the installation package informatin of the layer in cache database, make cache database more
Be it is perfect, improve scan efficiency.
Another aspect of the present invention, provides a kind of scanning device of mirror image installation package informatin, and the equipment includes: processing
Device;
Storage device, for storing one or more programs;
One or more of programs are executed by one or more of processors, so that one or more of processors
Realize above-mentioned scan method.
Another aspect of the present invention, provides a kind of storage medium, and the storage medium includes one or more programs, institute
Above-mentioned scan method can be executed by stating one or more programs.
In conclusion the invention has the following advantages:
1. by adopting the above technical scheme, avoiding the repetition of mirror image from sweeping by the verification to related mirror image manifest file
It retouches and repeated downloads, improves the scan efficiency of mirror image installation kit, reduce network flow.
2. by adopting the above technical scheme, improving the comprehensive of scanning by the traversal to related mirror image, ensure that mirror image
Using safe.
3. by adopting the above technical scheme, making cache database by updating the installation package informatin of the layer in cache database
It is more perfect, improve scan efficiency.
Detailed description of the invention:
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is the execution flow chart for the scan method that mirror image of the present invention installs package informatin;
Fig. 2 is the execution flow chart traversed to the mirror image in repo:tag list;
Fig. 3 is a kind of flow chart of the preferred embodiment for the scan method that mirror image of the present invention installs package informatin.
Specific embodiment:
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other under that premise of not paying creative labor
Embodiment shall fall within the protection scope of the present invention.
It is only to be not intended to limit the invention merely for for the purpose of describing particular embodiments in terminology used in the present invention.
It is also intended in the present invention and the "an" of singular used in the attached claims, " described " and "the" including majority
Form, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein refers to and wraps
It may be combined containing one or more associated any or all of project listed.
Below to this application involves some concepts explain:
Docker: being the application container engine of an open source, allows developer that can be packaged their application and relies on packet
Into a transplantable container, then it is published on the Linux machine of any prevalence, also may be implemented to virtualize.Container is
Sandbox mechanism is used completely, does not have any interface between each other.
Mirror image warehouse: Docker mirror image leaves warehouse concentratedly, and different hosts can download Docker mirror from the warehouse
Picture.
The mirror image warehouse that Docker hub:Docker official provides.
Docker Registry: the privately owned mirror image warehouse that user builds as needed.
Manifest file: the meta data file of image file.
Layer chained list: the data structure of std::list<Layerlnfo>xxx form.
API: application programming interface.It is some functions predetermined, it is therefore an objective to which application program and exploit person are provided
Member is able to the ability of one group of routine of access based on certain software or hardware, and is not necessarily to access source code, or understand internal work mechanism
Details.
The present invention will be described in detail by way of examples below.
The embodiment of the present application solves the prior art by providing the scan method and equipment of a kind of mirror image installation package informatin
In, for mirror image installation kit when carrying out security sweep, CPU (central processing unit), memory, network performance consumption are big, and scanning speed is slow
At least one technical problem in, improves scan efficiency.
The technical solution of the embodiment of the present application is in order to solve the above technical problems, general thought is as follows:
A kind of scan method of mirror image installation package informatin, includes the following steps: repo present in designated mirror warehouse:
Tag list;Mirror image in repo:tag list is traversed;
Wherein, described the step of traversing to mirror image in repo:tag list includes: downloading and repo:tag list pair
The mirror image manifest file answered is to locally;Parse mirror image manifest file;Check manifest file;Download mirror image text
Part;The data of image file are scanned.
In order to better understand the above technical scheme, in conjunction with appended figures and specific embodiments to upper
Technical solution is stated to be described in detail.
In a preferred embodiment of the present invention, a kind of scan method of mirror image installation package informatin is provided, is such as schemed
Shown in 1- Fig. 3, include the following steps:
Step S101: repo:tag list present in designated mirror warehouse;
In the specific implementation process, the mirror image warehouse can be publicly-owned mirror image warehouse such as Docker hub, or
Privately owned mirror image warehouse such as Docker Registry.
It in the specific implementation process, may include one or more image file labels, the mirror in repo:tag list
As file is for building corresponding running environment such as java, python environment, or the relevant program of operation.
As an alternative embodiment, by repo:tag list present in API designated mirror warehouse, specifically
, it can be realized by Registry API and repo:tag list is specified.
Step S102: traversing the mirror image in repo:tag list, confirms the safety of mirror image;
Wherein, in the step S102 further include:
Step S1021: downloading mirror image manifest file corresponding with repo:tag list is to locally;
In the specific implementation process, mirror image manifest file storage is in local CACHE DIRECTORY, the CACHE DIRECTORY
It can be one or more.
In the specific implementation process, the manifest file for downloading a mirror image every time, as all mirror image manifest
After the completion of file is downloaded, the ergodic process is considered as completion.
By adopting the above technical scheme, mirror image manifest file data amount is small, and has correspondingly with image file
Relationship, therefore download mirror image manifest file and the scan efficiency of image file can be improved, reduce the consumption of network flow.
As an alternative embodiment, downloading mirror image manifest text corresponding with repo:tag list by API
Part is to local, specifically, can realize the downloading to mirror image manifest file by Registry API.
Step S1022: parsing mirror image manifest file;
As an alternative embodiment, the step of parsing mirror image manifest file, includes:
Parse mirror image manifest file;
Obtain the id list of Image Planes;
Sequence group stratification chained list;
Judge in layer chained list whether to be multilayer,
If it has, then it is downloaded image file step,
If it has not, executing step S1021, another corresponding mirror image manifest file in repo:tag list is downloaded
To local.
In the specific implementation process, the id of Image Planes is directly obtained from the Layers field of manifest file (layer field)
It takes.Layers field (layer field) is an array, and first element of array is first layer, and second element of array is
Two layers, and so on, layered chained list is organized in sequence.
In the specific implementation process, the id information of Image Planes is obtained by parsing mirror image manifest file, then passes through mirror
As layer id information inquires local cache, available installation package informatin.The installation package informatin is the journey installed in the system
The set of the information of the corresponding title+version in sequence library (openssl, boost, curl, python2.7...).
Step S1023: verification manifest file;
As an alternative embodiment, the step of verification manifest file, includes:
Judge that the installation package informatin record of layer whether there is in cache database,
If it is, obtaining the installation package informatin of layer from cache database, step S1021, downloading repo:tag column are executed
Another corresponding mirror image manifest file in table to local,
If it has not, then downloading image file.
In the specific implementation process, the cache database can be set in local computer or LAN server,
When installation package informatin record is present in cache database, this is pulled according to installation package informatin record and is mirrored to locally specified position
It sets.
In the specific implementation process, it when installation package informatin record does not exist in cache database, then needs from mirror image storehouse
Download corresponding image file in library.
In the specific implementation process, judge installation package informatin record with the presence or absence of in cache database according to the information of layer id
In.
By adopting the above technical scheme, it to the mirror image for recording installation package informatin in cache database, is directly pulled,
Network flow has been saved, scan efficiency is improved.
Step S1024: downloading image file;
As an alternative embodiment, the step of downloading image file, includes:
The compressed package of Image Planes is downloaded to locally;
Judge whether to download successfully,
If it has not, then continue the compressed package of downloading Image Planes,
If it has, then being decompressed to compressed package.
In the specific implementation process, the compressed package of the Image Planes includes mirror image data, position data of each layer etc..
In the specific implementation process, the compressed package of Image Planes is saved in local temp directory.
Determine as an alternative embodiment, downloading unsuccessful number to the compressed package of Image Planes,
If unsuccessful number is more than 3 times, S1021 is thened follow the steps, another in downloading repo:tag list is corresponding
Mirror image manifest file to local,
If unsuccessful number is less than 3 times, continue the compressed package for downloading Image Planes.
In the specific implementation process, the image file that the unsuccessful number of downloading is more than 3 times is recorded, and generates downloading
The record file of failure mirror image, consults convenient for user and manually adds to such mirror image.
By adopting the above technical scheme, skip and be not easy the mirror image that is not present in downloading or mirror image warehouse, avoid scanner program into
Enter endless loop, ensure that the reliable and stable of scanning process, trouble-free operation.
As an alternative embodiment, described the step of decompressing to compressed package, includes:
Judge that the specified file being extracted whether there is,
If it has, then the file after decompression is scanned,
If it has not, then downloading another corresponding mirror image manifest file in repo:tag list to local.
Step S1025: the data of image file are scanned.
As an alternative embodiment, the data to image file include: the step of being scanned
File after progressive scan decompression,
Step S1021 is executed, downloads another corresponding mirror image manifest file in repo:tag list to locally.
As an alternative embodiment, before executing step S1021, also being wrapped after progressively scanning the file after decompression
Include following steps:
The installation package informatin of layer is obtained,
The installation package informatin of layer is stored in cache database,
By adopting the above technical scheme, by updating the installation package informatin of the layer in cache database, make cache database more
Be it is perfect, reduce the repeated downloads of image file, improve scan efficiency.
Based on the same inventive concept, the present invention provides a kind of scanning device of mirror image installation package informatin, the equipment packets
It includes:
Processor;
Storage device, for storing one or more programs;
One or more of programs are executed by one or more of processors, so that one or more of processors
Realize above-mentioned scan method.
Based on the same inventive concept, the present invention provides a kind of storage medium, the storage medium includes one or more
Program, one or more of programs can be executed by processor to complete above-mentioned scan method.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician
Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed
The scope of the present invention.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with
It realizes by another way.Another point, shown or discussed mutual coupling, direct-coupling or communication connection can
To be the indirect coupling or communication connection of device or unit through some interfaces, it can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It should be appreciated that can be combined with each other combination in the embodiment of the present application from power, each embodiment, feature, can realize
Solve aforementioned technical problem.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention.
Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Claims (10)
1. a kind of scan method of mirror image installation package informatin, includes the following steps:
Repo:tag list present in designated mirror warehouse;
Mirror image in repo:tag list is traversed;
Wherein, described the step of traversing to mirror image in repo:tag list, includes:
Mirror image manifest file corresponding with repo:tag list is downloaded to locally;
Parse mirror image manifest file;
Check manifest file;
Download image file;
The data of image file are scanned.
2. the scan method of mirror image installation package informatin according to claim 1, it is characterised in that: pass through API designated mirror
Repo:tag list present in warehouse, and mirror image manifest file corresponding with repo:tag list is downloaded by API and is arrived
It is local.
3. the scan method of mirror image installation package informatin according to claim 1, it is characterised in that: the parsing mirror image
The step of manifest file includes:
Parse mirror image manifest file;
Obtain the id list of Image Planes;
Sequence group stratification chained list;
Judge in layer chained list whether to be multilayer,
If it has, then it is downloaded image file step,
If it has not, then executing the security sweep to not scanned mirror image, i.e., another in downloading repo:tag list corresponds to
Mirror image manifest file to local.
4. the scan method of mirror image installation package informatin according to claim 1, it is characterised in that: the verification manifest
The step of file includes:
Judge that the installation package informatin record of layer whether there is in cache database,
If it is, obtaining the installation package informatin of layer from cache database, and the security sweep to not scanned mirror image is executed,
I.e. download repo:tag list in another corresponding mirror image manifest file to local,
If it has not, then downloading image file.
5. the scan method of mirror image installation package informatin according to claim 1, it is characterised in that: the downloading image file
The step of include:
The compressed package of Image Planes is downloaded to locally;
Judge whether to download successfully,
If it has not, then continue the compressed package of downloading Image Planes,
If it has, then being decompressed to compressed package.
6. the scan method of mirror image installation package informatin according to claim 5, it is characterised in that: to the compressed package of Image Planes
Unsuccessful number is downloaded to be determined,
If unsuccessful number is more than 3 times, the security sweep to not scanned mirror image is executed, i.e., in downloading repo:tag list
Another corresponding mirror image manifest file to local,
If unsuccessful number is less than 3 times, continue the compressed package for downloading Image Planes.
7. the scan method of mirror image installation package informatin according to claim 5, it is characterised in that: described to be carried out to compressed package
The step of decompression includes:
Judge that the specified file being extracted whether there is,
If it has, then the file after decompression is scanned,
If it has not, then executing the security sweep to not scanned mirror image, i.e., another in downloading repo:tag list corresponds to
Mirror image manifest file to local.
8. the scan method of mirror image installation package informatin according to claim 1, it is characterised in that: to the data of image file
Further include following steps before executing to the security sweep of not scanned mirror image after being scanned:
The installation package informatin of layer is obtained,
The installation package informatin of layer is stored in cache database.
9. a kind of scanning device of mirror image installation package informatin, the equipment include:
Processor;
Storage device, for storing one or more programs;
One or more of programs are executed by one or more of processors, so that one or more of processors are realized
Scan method as described in claim 1-8 is any.
10. a kind of storage medium, the storage medium includes one or more programs, and one or more of programs can execute
Any scan method such as claim 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910207653.XA CN109918911B (en) | 2019-03-18 | 2019-03-18 | Method and equipment for scanning mirror image installation package information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910207653.XA CN109918911B (en) | 2019-03-18 | 2019-03-18 | Method and equipment for scanning mirror image installation package information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109918911A true CN109918911A (en) | 2019-06-21 |
| CN109918911B CN109918911B (en) | 2020-11-03 |
Family
ID=66965625
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910207653.XA Active CN109918911B (en) | 2019-03-18 | 2019-03-18 | Method and equipment for scanning mirror image installation package information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109918911B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111443992A (en) * | 2020-03-31 | 2020-07-24 | 高新兴科技集团股份有限公司 | Docker mirror image difference derivation method, computer storage medium and electronic device |
| CN111654531A (en) * | 2020-05-22 | 2020-09-11 | 国云科技股份有限公司 | Container-based mirror image update publishing method and device |
| CN112084496A (en) * | 2020-09-02 | 2020-12-15 | 浪潮云信息技术股份公司 | Clair-based mirror image security scanning method |
| CN112527467A (en) * | 2020-12-23 | 2021-03-19 | 同盾控股有限公司 | Storage structure, query method, deletion method, device, equipment and medium of container mirror image |
| US11481487B2 (en) | 2019-07-08 | 2022-10-25 | Google Llc | System and method of detecting file system modifications via multi-layer file system state |
| US11972252B2 (en) | 2021-08-02 | 2024-04-30 | Micro Focus Llc | Docker installed software/hardware discovery |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101394457A (en) * | 2007-09-21 | 2009-03-25 | 虹光精密工业(苏州)有限公司 | Scanning method |
| US20140082729A1 (en) * | 2012-09-19 | 2014-03-20 | Estsecurity Co., Ltd. | System and method for analyzing repackaged application through risk calculation |
| CN105930230A (en) * | 2016-04-18 | 2016-09-07 | 乐视控股(北京)有限公司 | Multilayer mirror image management method |
| CN107315843A (en) * | 2017-07-27 | 2017-11-03 | 南方电网科学研究院有限责任公司 | The storage method and system of massive structured data |
| US9882784B1 (en) * | 2017-09-26 | 2018-01-30 | Tesuto Llc | Holistic validation of a network via native communications across a mirrored emulation of the network |
| CN107665224A (en) * | 2016-07-29 | 2018-02-06 | 北京京东尚科信息技术有限公司 | Scan the mthods, systems and devices of HDFS cold datas |
| CN108509253A (en) * | 2018-04-03 | 2018-09-07 | 南京中兴软创软件技术有限公司 | A kind of method of a large amount of container mirror images of release quickly |
| CN109104451A (en) * | 2017-06-21 | 2018-12-28 | 阿里巴巴集团控股有限公司 | The pre-heating mean and node of the method for down loading and node of Docker mirror image, Docker mirror image |
-
2019
- 2019-03-18 CN CN201910207653.XA patent/CN109918911B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101394457A (en) * | 2007-09-21 | 2009-03-25 | 虹光精密工业(苏州)有限公司 | Scanning method |
| US20140082729A1 (en) * | 2012-09-19 | 2014-03-20 | Estsecurity Co., Ltd. | System and method for analyzing repackaged application through risk calculation |
| CN105930230A (en) * | 2016-04-18 | 2016-09-07 | 乐视控股(北京)有限公司 | Multilayer mirror image management method |
| CN107665224A (en) * | 2016-07-29 | 2018-02-06 | 北京京东尚科信息技术有限公司 | Scan the mthods, systems and devices of HDFS cold datas |
| CN109104451A (en) * | 2017-06-21 | 2018-12-28 | 阿里巴巴集团控股有限公司 | The pre-heating mean and node of the method for down loading and node of Docker mirror image, Docker mirror image |
| CN107315843A (en) * | 2017-07-27 | 2017-11-03 | 南方电网科学研究院有限责任公司 | The storage method and system of massive structured data |
| US9882784B1 (en) * | 2017-09-26 | 2018-01-30 | Tesuto Llc | Holistic validation of a network via native communications across a mirrored emulation of the network |
| CN108509253A (en) * | 2018-04-03 | 2018-09-07 | 南京中兴软创软件技术有限公司 | A kind of method of a large amount of container mirror images of release quickly |
Non-Patent Citations (3)
| Title |
|---|
| JIE YAO 等: "Elastic-RAID: A New Architecture for Improved Availability of Parity-Based RAIDs by Elastic Mirroring", 《IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS》 * |
| 简智强: "Docker容器安全监控系统设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 郎为民 等: "Android系统安全机制研究", 《电信快报》 * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11481487B2 (en) | 2019-07-08 | 2022-10-25 | Google Llc | System and method of detecting file system modifications via multi-layer file system state |
| US11829470B2 (en) | 2019-07-08 | 2023-11-28 | Google Llc | System and method of detecting file system modifications via multi-layer file system state |
| CN111443992A (en) * | 2020-03-31 | 2020-07-24 | 高新兴科技集团股份有限公司 | Docker mirror image difference derivation method, computer storage medium and electronic device |
| CN111443992B (en) * | 2020-03-31 | 2023-04-07 | 高新兴科技集团股份有限公司 | Docker mirror image difference derivation method, computer storage medium and electronic device |
| CN111654531A (en) * | 2020-05-22 | 2020-09-11 | 国云科技股份有限公司 | Container-based mirror image update publishing method and device |
| CN111654531B (en) * | 2020-05-22 | 2023-05-05 | 国云科技股份有限公司 | Mirror image update release method and device based on container |
| CN112084496A (en) * | 2020-09-02 | 2020-12-15 | 浪潮云信息技术股份公司 | Clair-based mirror image security scanning method |
| CN112527467A (en) * | 2020-12-23 | 2021-03-19 | 同盾控股有限公司 | Storage structure, query method, deletion method, device, equipment and medium of container mirror image |
| US11972252B2 (en) | 2021-08-02 | 2024-04-30 | Micro Focus Llc | Docker installed software/hardware discovery |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109918911B (en) | 2020-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109918911A (en) | A kind of scan method and equipment of mirror image installation package informatin | |
| US9800412B2 (en) | System and method for securing sensitive data | |
| US11481244B2 (en) | Methods and systems that verify endpoints and external tasks in release-pipeline prior to execution | |
| US9762606B2 (en) | Image vulnerability repair in a networked computing environment | |
| US10521447B2 (en) | Container application execution using image metadata | |
| US9602599B2 (en) | Coordinating application migration processes | |
| CN102195970B (en) | Based on the debugging of client session | |
| CN105490860B (en) | The method, apparatus and system of disposing application program running environment | |
| CN103645914B (en) | Software cleaning method and device | |
| WO2016019893A1 (en) | Application installation method and apparatus | |
| CN104462968B (en) | Scan method, the device and system of malicious application | |
| US8806475B2 (en) | Techniques for conditional deployment of application artifacts | |
| US9094473B2 (en) | Installation of an asset from a cloud marketplace to a cloud server in a private network | |
| EP3345112B1 (en) | Thresholds on scripts executable by unified extensible firmware interface systems | |
| CN109062630A (en) | A kind of program resource content download method, device and terminal device | |
| CN104156215B (en) | The method and device of application information is obtained based on Mobile operating system | |
| US20160314021A1 (en) | Enhanced command selection in a networked computing environment | |
| US10001989B2 (en) | Verifying source code in disparate source control systems | |
| US20170212775A1 (en) | Program execution without the use of bytecode modification or injection | |
| CN106980501A (en) | A kind of software package management method, device and system | |
| CN110069217A (en) | A kind of date storage method and device | |
| CN106775843B (en) | Dalvik byte code optimization method based on memory loading | |
| CN105354081B (en) | The method and device of synchronous binding service | |
| CN104580429B (en) | A kind of method, server and cloud disk client loading communication information | |
| CN107566515A (en) | A kind of document down loading method and relevant apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |