CN109918911B - Method and equipment for scanning mirror image installation package information - Google Patents
Method and equipment for scanning mirror image installation package information Download PDFInfo
- Publication number
- CN109918911B CN109918911B CN201910207653.XA CN201910207653A CN109918911B CN 109918911 B CN109918911 B CN 109918911B CN 201910207653 A CN201910207653 A CN 201910207653A CN 109918911 B CN109918911 B CN 109918911B
- Authority
- CN
- China
- Prior art keywords
- mirror image
- scanning
- mirror
- installation package
- repo
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a method for scanning mirror image installation package information, which comprises the following steps: specifying the presence of a repo in the mirror store: tag list; for repo: and traversing the mirror image in the tag list. Wherein the pair of repo: the step of traversing the mirror image in the tag list comprises the following steps: downloading and repo: mirroring a manifest file corresponding to the tag list to the local; analyzing a mirror image manifest file; checking a manifest file; downloading a mirror image file; and scanning the data of the mirror image file. According to the invention, through checking the related mirror image manifest file, the repeated scanning and repeated downloading of the mirror image are avoided, the scanning efficiency of the mirror image installation package is improved, and the network flow is reduced.
Description
The technical field is as follows:
the invention relates to the technical field of computers, in particular to a method and equipment for scanning mirror image installation package information.
Background art:
since 2013, Docker has gradually become the most popular open source application container engine at present, so that developers can package their applications and dependence packages into a portable container and then distribute the portable container to any popular Linux machine, thereby achieving the purpose of one-time creation and arbitrary operation. Docker has also provided Docker hub can let the user upload the mirror image of establishing to other users download, build the environment fast, but has brought some safety problems simultaneously: under the container operation environment, all service programs are packaged into container images, the image packages are released together, due to the fact that irregular operation exists in the image packaging and releasing process, illegal installation package downloading sources exist, the images are caused to introduce bugs, and in a survey early in 2015, researchers have found that 30% -40% of images on sampled Dockerhub have the problem of safety. There is a need to provide a mechanism to scan and discover the various risks (CVEs) present in the mirrored installation package, which needs to be controlled from the source since the mirrored installation package is in the position of the information source during the CICD (persistent integration/distribution) process.
Clair is a commonly used mirror image scanning tool at present, and the main modules of the Clair are divided into a Detector, a Fetcher, a Notifier and a Webhook, wherein the characteristics of a mirror image are extracted firstly, then the characteristics are matched with a CVE (composite video environment) leak library, and prompt and repair are carried out if a leak is found. However, Clair does not optimize the access sequence, data download mode and decompression method of the layer according to the local mirroring characteristics, which results in huge consumption of CPU, memory and network performance and slow scanning speed.
The invention is provided in view of the above.
The invention content is as follows:
in view of the above, an object of the present invention is to provide a method and an apparatus for scanning mirror image installation package information, so as to solve at least one technical problem in the prior art.
Specifically, in a first aspect of the present invention, a method for scanning mirror image installation package information is provided, including the following steps:
specifying the presence of a repo in the mirror store: tag list;
for repo: traversing mirror images in the tag list;
wherein the pair of repo: the step of traversing the mirror image in the tag list comprises the following steps:
downloading and repo: mirroring a manifest file corresponding to the tag list to the local;
analyzing a mirror image manifest file;
checking a manifest file;
downloading a mirror image file;
and scanning the data of the mirror image file.
By adopting the technical scheme, repeated scanning and repeated downloading of the mirror image are avoided, the scanning efficiency of the mirror image installation package is improved, and the network flow is reduced.
Preferably, the presence of a repo in the mirror repository is specified via an API: tag list.
Preferably, the download is performed via an API with a repo: and mirroring the manifest file corresponding to the tag list to the local.
Preferably, the mirror manifest file is stored in a local cache directory.
Preferably, the step of parsing the mirror image manifest file includes:
analyzing a mirror image manifest file;
acquiring an id list of a mirror layer;
sorting the component layer linked lists;
whether the fault chain table is multi-layer or not is judged,
if so, the step of downloading the image file is carried out,
if not, performing security scanning on the unscanned image, namely downloading a repo: and the other corresponding mirror image manifest file in the tag list is locally displayed.
Preferably, the step of checking the manifest file includes:
determining whether the installation package information record of the fault exists in a cache database,
if yes, obtaining installation package information of the layer from the cache database, and executing security scanning on the unscanned mirror image, namely downloading a repo: another corresponding mirror manifest file in the tag list is mirrored locally,
if not, downloading the mirror image file.
Preferably, the step of downloading the image file includes:
downloading the compression package of the mirror image layer to the local;
whether the downloading is successful or not is judged,
if not, continuing to download the compression package of the mirror image layer,
if so, the compressed packet is decompressed.
More preferably, the number of times of unsuccessful download of the compressed packet of the mirror layer is determined,
if the number of unsuccessful times exceeds 3 times, a security scan of the unscanned image is performed, i.e. a response is downloaded: another corresponding mirror manifest file in the tag list is mirrored locally,
if the number of unsuccessful times is less than 3 times, continuing to download the compressed packet of the mirror image layer.
More preferably, the compressed packet of the mirror layer is saved to a local temporary directory.
More preferably, the step of decompressing the compressed packet comprises:
it is determined whether the decompressed specified file exists,
if so, scanning the decompressed file,
if not, performing security scanning on the unscanned image, namely downloading a repo: and the other corresponding mirror image manifest file in the tag list is locally displayed.
Preferably, the step of scanning the data of the mirror image file includes:
the decompressed file is scanned line by line,
performing a secure scan of the unscanned image, i.e. downloading a repo: and the other corresponding mirror image manifest file in the tag list is locally displayed.
Preferably, after scanning the data of the mirror image file and before performing the security scan on the unscanned mirror image, the method further includes the following steps:
the installation package information of the layer is obtained,
and storing the installation package information of the layer in a cache database.
By adopting the technical scheme, the installation package information of the layer in the cache database is updated, so that the cache database is more perfect, and the scanning efficiency is improved.
In another aspect of the present invention, a scanning device for mirror image installation package information is provided, where the device includes: a processor;
storage means for storing one or more programs;
the one or more programs are executed by the one or more processors, causing the one or more processors to implement the scanning method described above.
In another aspect of the present invention, there is provided a storage medium including one or more programs that can perform the above-described scanning method.
In conclusion, the invention has the following beneficial effects:
1. by adopting the technical scheme, the related mirror image manifest file is checked, so that the repeated scanning and repeated downloading of the mirror image are avoided, the scanning efficiency of the mirror image installation package is improved, and the network flow is reduced.
2. By adopting the technical scheme, the comprehensiveness of scanning is improved and the use safety of the mirror image is ensured by traversing the related mirror image.
3. By adopting the technical scheme, the installation package information of the layer in the cache database is updated, so that the cache database is more perfect, and the scanning efficiency is improved.
Description of the drawings:
in order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating a method for scanning mirror image installation package information according to the present invention;
FIG. 2 is a graph of relative positions of repo: an execution flow chart for traversing the mirror image in the tag list;
fig. 3 is a flowchart of a preferred embodiment of the scanning method of the mirror image installation package information according to the present invention.
The specific implementation mode is as follows:
the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
Some concepts related to the present application are explained below:
docker: the application container engine is an open-source application container engine, so that developers can package their applications and dependence packages into a portable container and then distribute the portable container to any popular Linux machine, and virtualization can be realized. The containers are fully sandboxed without any interface between each other.
Mirror image warehouse: the centralized repository of Docker images from which different hosts may download Docker images.
Docker hub: mirror repository offered by Docker officials.
Docker Registry: and a private mirror image warehouse built by a user according to the requirement.
manifest file: a metadata file that mirrors the file.
Layer chain table: std: : a data structure of the form list < Layerlnfo > xxx.
API: an application programming interface. Are predefined functions that are intended to provide applications and developers the ability to access a set of routines based on certain software or hardware without having to access source code or understand the details of the internal workings.
The present invention will be described in detail below by way of examples.
The embodiment of the application provides a method and a device for scanning information of a mirror image installation package, so that at least one technical problem of high consumption of CPU (central processing unit), memory and network performance, low scanning speed and the like in the prior art when the mirror image installation package is subjected to security scanning is solved, and the scanning efficiency is improved.
In order to solve the technical problems, the general idea of the embodiment of the application is as follows:
a method for scanning mirror image installation package information comprises the following steps: specifying the presence of a repo in the mirror store: tag list; for repo: traversing mirror images in the tag list;
wherein the pair of repo: the step of traversing the mirror image in the tag list comprises the following steps: downloading and repo: mirroring a manifest file corresponding to the tag list to the local; analyzing a mirror image manifest file; checking a manifest file; downloading a mirror image file; and scanning the data of the mirror image file.
In order to better understand the technical solution, the technical solution will be described in detail with reference to the drawings and the specific embodiments.
In a preferred embodiment of the present invention, a method for scanning information of a mirror image installation package is provided, as shown in fig. 1 to 3, including the following steps:
step S101: specifying the presence of a repo in the mirror store: tag list;
in a specific implementation process, the mirror image warehouse may be a public mirror image warehouse such as a Docker hub, or may be a private mirror image warehouse such as a Docker Registry.
In the specific implementation process, the ratio of repo: the tag list may include one or more image file tags, where the image file is used to build a corresponding operating environment, such as java, python, or to run a related program.
As an alternative embodiment, the repo existing in the mirror repository is specified through API: tag list, specifically, the registration API may implement the registration for the repo: designation of tag list.
Step S102: for repo: traversing the mirror image in the tag list to confirm the security of the mirror image;
wherein, the step S102 further includes:
step S1021: downloading and repo: mirroring a manifest file corresponding to the tag list to the local;
in a specific implementation process, the mirror manifest file is stored in a local cache directory, and the cache directory may be one or more.
In the specific implementation process, one mirror image manifest file is downloaded each time, and when all the mirror image manifest files are downloaded, the traversal process is regarded as completed.
By adopting the technical scheme, the data volume of the mirror image manifest file is small, and the mirror image manifest file has a one-to-one correspondence relationship with the mirror image file, so that the scanning efficiency of the mirror image file can be improved by downloading the mirror image manifest file, and the consumption of network flow is reduced.
As an alternative implementation, the following information is downloaded through API: and (3) mirroring the manifest file corresponding to the tag list to the local, specifically, downloading the mirroring manifest file through a Registry API.
Step S1022: analyzing a mirror image manifest file;
as an optional implementation manner, the step of parsing the mirror manifest file includes:
analyzing a mirror image manifest file;
acquiring an id list of a mirror layer;
sorting the component layer linked lists;
whether the fault chain table is multi-layer or not is judged,
if so, the step of downloading the image file is carried out,
if not, go to step S1021 to download a response: and the other corresponding mirror image manifest file in the tag list is locally displayed.
In the specific implementation process, the id of the mirror layer is directly obtained from the Layers field (layer field) of the manifest file. The Layers field is an array, the first element of the array is the first layer, the second element of the array is the second layer, and so on, and the layer linked list is formed according to the sequence.
In the specific implementation process, the id information of the mirror image layer is obtained by analyzing the mirror image manifest file, and then the local cache is inquired through the id information of the mirror image layer, so that the installation package information can be obtained. The installation package information is a set of information of name + version corresponding to a program library (openssl, boost, curl, python 2.7.) installed in the system.
Step S1023: checking a manifest file;
as an optional implementation manner, the step of checking the manifest file includes:
determining whether the installation package information record of the fault exists in a cache database,
if yes, obtaining installation package information of the layer from the cache database, executing step S1021, downloading repo: another corresponding mirror manifest file in the tag list is mirrored locally,
if not, downloading the mirror image file.
In a specific implementation process, the cache database may be set in a local computer or a local area network server, and when the installation package information record exists in the cache database, the mirror image is pulled to a local designated location according to the installation package information record.
In the specific implementation process, when the installation package information record does not exist in the cache database, the corresponding image file needs to be downloaded from the image repository.
In the specific implementation process, whether the installation package information record exists in the cache database is judged according to the information of the layer id.
By adopting the technical scheme, the mirror image recorded with the installation package information in the cache database is directly pulled, so that the network flow is saved, and the scanning efficiency is improved.
Step S1024: downloading a mirror image file;
as an optional implementation, the step of downloading the image file includes:
downloading the compression package of the mirror image layer to the local;
whether the downloading is successful or not is judged,
if not, continuing to download the compression package of the mirror image layer,
if so, the compressed packet is decompressed.
In a specific implementation process, the compressed packet of the mirror layer includes mirror data, position data of each layer, and the like.
In the specific implementation process, the compressed packet of the mirror layer is saved to a local temporary directory.
As an alternative, the number of times of unsuccessful download of the compressed packet of the image layer is determined,
if the number of unsuccessful times exceeds 3 times, execute step S1021, download repo: another corresponding mirror manifest file in the tag list is mirrored locally,
if the number of unsuccessful times is less than 3 times, continuing to download the compressed packet of the mirror image layer.
In the specific implementation process, the image files with the downloading unsuccessful times exceeding 3 times are recorded, and the record files of the downloading failed images are generated, so that a user can conveniently look up and manually add the images.
By adopting the technical scheme, the mirror image which is not easy to download or does not exist in the mirror image warehouse is skipped, the scanning program is prevented from entering the dead cycle, and the stable, reliable and smooth operation of the scanning process is ensured.
As an optional implementation, the decompressing the compressed packet includes:
it is determined whether the decompressed specified file exists,
if so, scanning the decompressed file,
if not, downloading a repo: and the other corresponding mirror image manifest file in the tag list is locally displayed.
Step S1025: and scanning the data of the mirror image file.
As an optional implementation manner, the step of scanning the data of the image file includes:
the decompressed file is scanned line by line,
step S1021 is executed, download repo: and the other corresponding mirror image manifest file in the tag list is locally displayed.
As an alternative embodiment, after scanning the decompressed file line by line, before performing step S1021, the method further includes the following steps:
the installation package information of the layer is obtained,
storing the installation package information of the layer in a cache database,
by adopting the technical scheme, the installation package information of the layer in the cache database is updated, so that the cache database is more perfect, repeated downloading of the mirror image file is reduced, and the scanning efficiency is improved.
Based on the same inventive concept, the invention provides a scanning device for mirror image installation package information, which comprises:
a processor;
storage means for storing one or more programs;
the one or more programs are executed by the one or more processors, causing the one or more processors to implement the scanning method described above.
Based on the same inventive concept, the present invention provides a storage medium including one or more programs, which can be executed by a processor to perform the above-described scanning method.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
It should be understood that the technical problems can be solved by combining and combining the features of the embodiments from the claims.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. A method for scanning mirror image installation package information comprises the following steps:
specifying the presence of a repo in the mirror store: the list of tags is shown in the table,
for repo: traversing mirror images in the tag list;
wherein the pair of repo: the step of traversing the mirror image in the tag list comprises the following steps:
downloading and repo: the tag list is corresponding to mirror the manifest file to the local,
analyzing a mirror image manifest file;
the step of analyzing the mirror image manifest file comprises the following steps:
a list of ids of the mirror layers is obtained,
the sequence is organized into a layer linked list,
whether the fault chain table is multi-layer or not is judged,
if not, performing security scanning on the unscanned image, namely downloading a repo: another corresponding mirror manifest file in the tag list is mirrored locally,
if so, checking the manifest file;
wherein the step of checking the manifest file comprises:
determining whether the installation package information record of the fault exists in a cache database,
if yes, obtaining installation package information of the layer from the cache database, and executing security scanning on the unscanned mirror image, namely downloading a repo: another corresponding mirror manifest file in the tag list is mirrored locally,
if not, downloading the mirror image file and scanning the data of the mirror image file.
2. The method of claim 1, wherein the step of scanning the mirror image installation package information comprises: the repo present in the mirror repository is specified through the API: tag list and download, via API, with repo: and mirroring the manifest file corresponding to the tag list to the local.
3. The method of claim 1, wherein the step of scanning the mirror image installation package information comprises: the step of downloading the image file comprises the following steps:
downloading the compression package of the mirror image layer to the local;
whether the downloading is successful or not is judged,
if not, continuing to download the compression package of the mirror image layer,
if so, the compressed packet is decompressed.
4. The method of claim 3, wherein the step of scanning the mirror installation package information comprises: a determination is made as to the number of times the compressed packet download of the mirror layer was unsuccessful,
if the number of unsuccessful times exceeds 3 times, a security scan of the unscanned image is performed, i.e. a response is downloaded: another corresponding mirror manifest file in the tag list is mirrored locally,
and if the unsuccessful times do not exceed 3 times, continuing downloading the compressed packet of the mirror image layer.
5. The method of claim 3, wherein the step of scanning the mirror installation package information comprises: the step of decompressing the compressed packet comprises:
it is determined whether the decompressed specified file exists,
if so, scanning the decompressed file,
if not, performing security scanning on the unscanned image, namely downloading a repo: and the other corresponding mirror image manifest file in the tag list is locally displayed.
6. The method of claim 1, wherein the step of scanning the mirror image installation package information comprises: after the data of the image file is scanned, before the safety scanning of the unscanned image is executed, the method also comprises the following steps:
the installation package information of the layer is obtained,
and storing the installation package information of the layer in a cache database.
7. A scanning device that mirrors installation package information, the device comprising:
a processor;
storage means for storing one or more programs;
the one or more programs are executable by the one or more processors to cause the one or more processors to implement the scanning method of any one of claims 1-6.
8. A storage medium comprising one or more programs that may perform the scanning method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910207653.XA CN109918911B (en) | 2019-03-18 | 2019-03-18 | Method and equipment for scanning mirror image installation package information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910207653.XA CN109918911B (en) | 2019-03-18 | 2019-03-18 | Method and equipment for scanning mirror image installation package information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109918911A CN109918911A (en) | 2019-06-21 |
| CN109918911B true CN109918911B (en) | 2020-11-03 |
Family
ID=66965625
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910207653.XA Active CN109918911B (en) | 2019-03-18 | 2019-03-18 | Method and equipment for scanning mirror image installation package information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109918911B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11481487B2 (en) | 2019-07-08 | 2022-10-25 | Google Llc | System and method of detecting file system modifications via multi-layer file system state |
| CN111443992B (en) * | 2020-03-31 | 2023-04-07 | 高新兴科技集团股份有限公司 | Docker mirror image difference derivation method, computer storage medium and electronic device |
| CN111654531B (en) * | 2020-05-22 | 2023-05-05 | 国云科技股份有限公司 | Mirror image update release method and device based on container |
| CN112084496A (en) * | 2020-09-02 | 2020-12-15 | 浪潮云信息技术股份公司 | Clair-based mirror image security scanning method |
| CN112527467B (en) * | 2020-12-23 | 2024-06-11 | 同盾控股有限公司 | Storage structure, query method, deletion method, device, equipment and medium of container mirror image |
| US11972252B2 (en) | 2021-08-02 | 2024-04-30 | Micro Focus Llc | Docker installed software/hardware discovery |
| US12099613B2 (en) | 2021-09-16 | 2024-09-24 | International Business Machines Corporation | Modification of a Dockerfile to repair vulnerabilities existing in the Dockerfile |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107315843A (en) * | 2017-07-27 | 2017-11-03 | 南方电网科学研究院有限责任公司 | Storage method and system for massive structured data |
| CN107665224A (en) * | 2016-07-29 | 2018-02-06 | 北京京东尚科信息技术有限公司 | Scan the mthods, systems and devices of HDFS cold datas |
| CN109104451A (en) * | 2017-06-21 | 2018-12-28 | 阿里巴巴集团控股有限公司 | The pre-heating mean and node of the method for down loading and node of Docker mirror image, Docker mirror image |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101394457B (en) * | 2007-09-21 | 2010-07-28 | 虹光精密工业(苏州)有限公司 | Scanning method |
| KR101402057B1 (en) * | 2012-09-19 | 2014-06-03 | 주식회사 이스트시큐리티 | Analyzing system of repackage application through calculation of risk and method thereof |
| CN105930230A (en) * | 2016-04-18 | 2016-09-07 | 乐视控股(北京)有限公司 | Multilayer mirror image management method |
| US9882784B1 (en) * | 2017-09-26 | 2018-01-30 | Tesuto Llc | Holistic validation of a network via native communications across a mirrored emulation of the network |
| CN108509253A (en) * | 2018-04-03 | 2018-09-07 | 南京中兴软创软件技术有限公司 | A kind of method of a large amount of container mirror images of release quickly |
-
2019
- 2019-03-18 CN CN201910207653.XA patent/CN109918911B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107665224A (en) * | 2016-07-29 | 2018-02-06 | 北京京东尚科信息技术有限公司 | Scan the mthods, systems and devices of HDFS cold datas |
| CN109104451A (en) * | 2017-06-21 | 2018-12-28 | 阿里巴巴集团控股有限公司 | The pre-heating mean and node of the method for down loading and node of Docker mirror image, Docker mirror image |
| CN107315843A (en) * | 2017-07-27 | 2017-11-03 | 南方电网科学研究院有限责任公司 | Storage method and system for massive structured data |
Non-Patent Citations (2)
| Title |
|---|
| Docker容器安全监控系统设计与实现;简智强;《中国优秀硕士学位论文全文数据库 信息科技辑》;20180415;第2018卷(第4期);全文 * |
| Elastic-RAID: A New Architecture for Improved Availability of Parity-Based RAIDs by Elastic Mirroring;Jie Yao 等;《IEEE Transactions on Parallel and Distributed Systems》;20150513;第27卷(第4期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109918911A (en) | 2019-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109918911B (en) | Method and equipment for scanning mirror image installation package information | |
| US10055576B2 (en) | Detection of malicious software packages | |
| CN102135892B (en) | Application program running method, device and system | |
| US9948670B2 (en) | Cloud security-based file processing by generating feedback message based on signature information and file features | |
| US10521447B2 (en) | Container application execution using image metadata | |
| JP7297769B2 (en) | Shader distribution among client machines for pre-caching | |
| US20160080150A1 (en) | System and method for securing sensitive data | |
| US9569197B2 (en) | Method of disseminating updated drivers to mobile computing devices and a dissemination system therefor | |
| CN104317599B (en) | Whether detection installation kit is by the method and apparatus of secondary packing | |
| CN104462968B (en) | Scan method, the device and system of malicious application | |
| CN104318160B (en) | The method and apparatus of killing rogue program | |
| JP2017511923A (en) | Virus processing method, apparatus, system, device, and computer storage medium | |
| CN112613041A (en) | Container mirror image detection method and device, electronic equipment and storage medium | |
| US20120066674A1 (en) | Techniques for conditional deployment of application artifacts | |
| CN104850775B (en) | A kind of identification method and device of applications security | |
| US20180189313A1 (en) | Method and apparatus for compressing an application | |
| CN112860645A (en) | Processing method and device for offline compressed file, computer equipment and medium | |
| CN110135163B (en) | Security detection method, device and system based on target application | |
| CN104468769A (en) | Method, device and system for acquiring network data content and client side | |
| CN104580429B (en) | A kind of method, server and cloud disk client loading communication information | |
| US20160162365A1 (en) | Storing difference information in a backup system | |
| CN110502900A (en) | A kind of detection method, terminal, server and computer storage medium | |
| CN115396159A (en) | Container mirror image detection method, client and server | |
| CN114417347A (en) | Vulnerability detection method, device, equipment, storage medium and program of application program | |
| CN112887352A (en) | Image file uploading method and device for Docker container |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |