×

SOFTWARE CONTAINER REGISTRY INSPECTION

  • US 20170177877A1
  • Filed: 12/18/2015
  • Published: 06/22/2017
  • Est. Priority Date: 12/18/2015
  • Status: Active Grant
First Claim
Patent Images

1. A system, comprising:

  • one or more processors; and

    memory including instructions that, as a result of execution by the one or more processors, cause the system to;

    receive a request to perform a scan of a set of container images stored in at least one repository, container images of the set of container images comprising image layers stored in the at least one repository, the request including criteria for identifying image layers associated with a security vulnerability; and

    in response to receiving the request;

    search a set of manifests stored in a database of a structured data store to obtain content-addressable identifiers for the image layers, the set of manifests comprising metadata about the set of container images;

    determine, based at least in part on the content-addressable identifiers, image layers that match the criteria; and

    flag the image layers that match the criteria as un-referenceable; and

    as a result of an occurrence of a current time corresponding to a time scheduled for performing a deletion operation;

    determine, by analyzing the set of manifests, one or more unreferenced image layers, the one or more unreferenced image layers being;

    flagged as un-referenceable, orunreferenced by a manifest of a tagged container image; and

    delete the one or more unreferenced image layers.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×