US 20200097662A1

(19) United States
(12) Patent Application Publication    (10) Pub. No.: US 2020/0097662 A1
     Hufsmith et al.                   (43) Pub. Date:  Mar. 26, 2020

(54) COMBINED THREAT SCORE FOR CONTAINER IMAGES

(71) Applicant: CA, Inc., Islandia, NY (US)

(72) Inventors: Brian Hufsmith, Islandia, NY (US); William Mcallister, Islandia, NY (US); Mitchell Engel, Islandia, NY (US)

(21) Appl. No.: 16/146,717

(22) Filed: Sep. 28, 2018

Related U.S. Application Data

(60) Provisional application No. 62/736,162, filed on Sep. 25, 2018.

Publication Classification

(51) Int. Cl.
     G06F 21/57 (2006.01)
     H04L 9/06 (2006.01)

(52) U.S. Cl.
     CPC G06F 21/577 (2013.01); G06F 2221/033 (2013.01); H04L 9/0643 (2013.01)

(57) ABSTRACT

Provided is a process for determining threat scores for container images or distributed applications that consider the results of a multitude of different scanners and other factors such as context information, which may include information about a given execution environment for the container image. Scanner results, or scanner properties, are determined for a container image or container images in a multi-container distributed application by various vulnerability scanners. The scanner properties determined by each vulnerability scanner are adjusted responsive to properties of the context and normalized to determine component threat scores for the container image. Then the component threat scores for the container image are combined to generate a combined threat score for the container image within the context of the execution environment.

[Front-page drawing: FIG. 1A, the block diagram of the computing environment (vulnerability scanning engine, scanner apps, container manager, repositories, developer computer with IDE plugin, and container hosts) reproduced on Sheet 1.]

WIZ, Inc. EXHIBIT - 1078
WIZ, Inc. v. Orca Security LTD.
`
Patent Application Publication    Mar. 26, 2020    Sheet 1 of 10    US 2020/0097662 A1

[FIG. 1A: block logical and physical architecture diagram of the computing environment. A vulnerability scanning engine comprises a controller, a scan selector, a scan configurer, a layer evaluator, a results engine 54, and a schema translator with per-scanner translators (A xltr, B xltr, ..., C xltr). It drives scanner apps A, B, ..., Z (16) and is coupled over a network to a container manager, an image repository, a composition file repository, a vulnerability repository, a developer computer 58 running an IDE 60 with a plugin 62, and computing devices (CPU, memory, NIC) whose OS and kernel host a container engine running application components in containers.]
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 2 of 10    US 2020/0097662 A1

[FIG. 1B: block logical and physical architecture diagram of computing environment 100. A container score database 102 holds container score records 101A ... 101N; record 101A contains context properties 126, version history 127, score history 128, environments 129, config. properties 106, CVE properties 111, malware properties 116, CWE properties 121, and container scores 131. A results engine 54 comprises a config. evaluator 105, a CVE evaluator 110, a malware evaluator 115, a CWE evaluator 120, a context evaluator 125, a container scorer 130, score evaluators 135A and 135B, and an API 140, and is coupled to a container manager 20 and to a dev. comp. 58 running an IDE 60 with a plugin 62.]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 3 of 10    US 2020/0097662 A1

[FIG. 2: flowchart of process 200 (reference numerals 202 through 230) executed by the scanning engine. Boxes: obtain container image; decision "more layers?"; select next layer; decision "more scanner criteria?"; select next scanner criteria; decision "selected criteria satisfied by selected layer?"; designate selected scanner to scan selected layer in unified schema command; translate unified schema command into scanner-specific schema command; command selected scanner to scan; receive results in scanner-specific schema; translate scanner-specific schema results into unified schema results; and, once no layers remain: filter potential vulnerabilities; calculate metrics on potential vulnerabilities; store results; cause results to be presented.]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 4 of 10    US 2020/0097662 A1

[FIG. 3A: flowchart of process 350 executed by the IDE plugin. Boxes: obtain source code of a container image (352); decision "analyze command?" (354); decision "does command add a layer?" (356); parse identifier of added code or other resource from command (358); query vulnerability repository with request for security vulnerabilities associated with added code or other resource (360); decision "vulnerability mitigated by other command?" (362); annotate source code with an indication of vulnerability (364); decision "sel. diff. command?" (366); decision "additional info. req.?" (370); display vulnerability report (368).]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 5 of 10    US 2020/0097662 A1

[FIG. 3B: example IDE user interface 300 showing a Dockerfile whose commands 302 (RUN apt-get install software-properties-common python; RUN add-apt-repository [argument illegible]; RUN apt-get update; further RUN and ADD lines) are annotated with an image scan results panel 304 ("Image scan results as of Mon Nov 27 ... 2017 for ubuntu"), a deep scan threat level, a static analysis threat level 306 reported as Low, and a "click here for a full report" link 308.]
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 6 of 10    US 2020/0097662 A1

[FIG. 3C: another example IDE user interface (310, 320) showing a Dockerfile whose commands 302 (RUN, ADD and CMD lines) are annotated with an image scan results panel 304 ("Image scan results as of Mon Nov 27 12:16:28 EST 2017 for ubuntu"), a deep scan threat level 306 reported as High, a static analysis threat level reported as Low, and a "click here for a full report" link.]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 7 of 10    US 2020/0097662 A1

[FIG. 4: flowchart of process 400 for generating score records. Boxes: obtain distributed application (420); determine identifier(s) for container image (421); create distributed application score record (422); obtain container image (402); determine scanner properties (406); create container score record (408); decision "next container?" (426); update distributed application score record (428); end (430).]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 8 of 10    US 2020/0097662 A1

[FIG. 5: flowchart of process 500 (reference numerals 502 through 520) for generating a combined threat score. Boxes: receive request for combined threat score; decision "score record?" (its No branch references process 400); decision "scanner property weights?"; determine weights for scanner properties; determine context properties; decision "context property weights?"; determine weights for context properties; modify scanner property weights based on context property weights; generate combined threat score; report combined threat score.]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 9 of 10    US 2020/0097662 A1

[FIG. 6: example user interface 600 titled "Ubuntu Containers" showing mongo report cards (603, 605, 607) for Ubuntu V1 (Last Scan Date: 01/05/18 05:00PM), Ubuntu V3 (Last Scan Date: 01/01/18 12:00AM) and Ubuntu V2 (Last Scan Date: 01/12/18 04:00AM), each with a Threat Score (values shown: 371, 843, 617) and a Threat Level (LOW, MEDIUM, HIGH).]
`
`
`
Patent Application Publication    Mar. 26, 2020    Sheet 10 of 10    US 2020/0097662 A1

[FIG. 7: block diagram of computer system 1000 with processors 1010a, 1010b, ... coupled to system memory holding program instructions 1100 and data, an I/O interface 1050, I/O device(s), a network interface 1040, and network device(s) 1060 reached over a network.]
`
`
`
US 2020/0097662 A1    1    Mar. 26, 2020

COMBINED THREAT SCORE FOR CONTAINER IMAGES

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] The present application claims the benefit of U.S. Provisional Patent Application No. 62/736,162, filed on 25 Sep. 2018, which is incorporated by reference herein in its entirety.

BACKGROUND

1. Field

[0002] The present disclosure relates generally to tooling for software development related to distributed applications and, more specifically, to techniques that combine metrics of heterogeneous vulnerability scans of container images.

2. Description of the Related Art

[0003] Distributed applications are computer applications implemented across multiple network hosts. The group of computers, virtual machines, or containers often each execute at least part of the application's code and cooperate to provide the functionality of the application. Examples include client-server architectures, in which a client computer cooperates with a server to provide functionality to a user. Another example is an application having components replicated on multiple computers behind a load balancer to provide functionality at larger scales than a single computer. Some examples have different components on different computers that execute different aspects of the application, such as a database management system, a storage area network, a web server, an application program interface server, and a content management engine.

[0004] The different components of such applications, such as those that expose functionality via a network address, can be characterized as services, which may be composed of a variety of other services, which may themselves be composed of other services. Examples of a service include an application component (e.g., one or more executing bodies of code) that communicates via a network (or loopback network address) with another application component, often by monitoring a network socket of a port at a network address of the computer upon which the service executes.

[0005] In many cases, the bodies of code and other resources by which the services are implemented can be challenging to secure. Often, the range of services is relatively diverse and arises from diverse sets of bodies of code and other resources, thereby increasing the number of potential vulnerabilities. Further, such bodies of code and other resources can undergo relatively frequent version changes, and in many cases the bodies of code and other resources are downloaded from third parties that create the bodies of code and other resources, such as public repositories that may be un-trusted or accorded less trust than code built in-house. Consequently, detecting and managing potential vulnerabilities in distributed application code and other resources can be particularly complex.

[0006] Moreover, even in instances where potential vulnerabilities are detected, the degree to which they pose a threat in a given, and potentially highly complex, execution environment of distributed application code and other resources is difficult to quantify or express in a usable manner. As a result, resources are often used despite vulnerabilities (even if an administrator or developer is capable of performing a thorough analysis) due to the computational and cognitive load associated with appropriately processing surfaced vulnerabilities.

SUMMARY

[0007] The following is a non-exhaustive listing of some aspects of the present techniques. These and other aspects are described in the following disclosure.

[0008] Some aspects include a process including: obtaining, with one or more processors, a plurality of scanner properties pertaining to a container, the scanner properties at least comprising one or more Common Vulnerabilities and Exposures (CVE) scanner properties determined for the container by a first scanner and one or more Common Weakness Enumeration (CWE) scanner properties determined for the container by a second scanner; determining weights for the plurality of scanner properties, each scanner property having an associated metric and value; obtaining, with one or more processors, context properties pertaining to an execution environment of the container; determining, with one or more processors, to which scanner properties each of the context properties applies within the execution environment and weights for the context properties; modifying, by one or more of the weights determined for one or more respective context properties, the weights for the scanner properties to which the respective context properties apply to determine modified weights for at least some of the scanner properties; determining a combined threat score for the container based on the at least some of the scanner properties having the modified weights and the other scanner properties; and storing, with one or more processors, the combined threat score in memory.
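The process of [0008] carried through on constructed sample findings, as an added example that is not part of the application and not the applicant's code. The finding identifiers, metric names, base weights, context multipliers, the 0-1000 scale and the LOW/MEDIUM/HIGH cut-offs are all assumptions made for illustration; the application leaves them unspecified here.

```python
# Added worked example of the weighting process summarized in [0008]; not the
# application's own code. Identifiers, metric names, base weights, context
# multipliers, the 0-1000 scale and the level cut-offs are assumptions.
from dataclasses import dataclass, replace
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class ScannerProperty:
    """One finding from a scanner: an identifier plus a metric/value pair."""
    scanner: str          # which scanner produced it, e.g. "cve" or "cwe"
    identifier: str       # finding id (constructed placeholders below, not real ids)
    metric: str           # name of the metric the scanner attached to the finding
    value: float          # metric value, assumed normalized by the scanner to 0.0..1.0
    tags: FrozenSet[str]  # facets a context property can match against
    weight: float = 1.0   # filled in by determine_scanner_weights()


@dataclass(frozen=True)
class ContextProperty:
    """A fact about the execution environment and the scanner properties it applies to."""
    name: str
    weight: float                                  # multiplier for matching scanner weights
    applies_to: Callable[[ScannerProperty], bool]  # which scanner properties it modifies


# Assumed per-scanner base weights ("determine weights for scanner properties").
DEFAULT_SCANNER_WEIGHTS: Dict[str, float] = {"cve": 1.0, "cwe": 0.8}
# Assumed cut-offs on the 0-1000 scale; scores at or above the last one are HIGH.
LEVEL_CUTOFFS = ((350, "LOW"), (650, "MEDIUM"))


def determine_scanner_weights(props: List[ScannerProperty]) -> List[ScannerProperty]:
    """Give each scanner property its base weight by scanner type."""
    return [replace(p, weight=DEFAULT_SCANNER_WEIGHTS.get(p.scanner, 1.0)) for p in props]


def determine_context_properties(env: Dict[str, object]) -> List[ContextProperty]:
    """Turn environment facts into weighted context properties, each with a predicate
    that decides which scanner properties it applies to (assumed mapping)."""
    ctx: List[ContextProperty] = []
    if env.get("internet_facing"):
        ctx.append(ContextProperty("internet_facing", 2.0, lambda p: "network" in p.tags))
    if env.get("runs_as_root"):
        ctx.append(ContextProperty("runs_as_root", 1.3, lambda p: "privilege" in p.tags))
    if env.get("read_only_fs"):
        ctx.append(ContextProperty("read_only_fs", 0.5, lambda p: "file-write" in p.tags))
    return ctx


def modify_weights(props: List[ScannerProperty], ctx: List[ContextProperty]) -> List[ScannerProperty]:
    """Multiply a scanner property's weight by every context property that applies to it."""
    out = []
    for p in props:
        w = p.weight
        for c in ctx:
            if c.applies_to(p):
                w *= c.weight
        out.append(replace(p, weight=w))
    return out


def combine(props: List[ScannerProperty]) -> int:
    """Weighted mean of the normalized metric values, scaled to 0-1000 (assumed formula)."""
    total_weight = sum(p.weight for p in props)
    if total_weight == 0:
        return 0
    return round(1000 * sum(p.weight * p.value for p in props) / total_weight)


def threat_level(score: int) -> str:
    for cutoff, label in LEVEL_CUTOFFS:
        if score < cutoff:
            return label
    return "HIGH"


def score_container(image: str, props, env: Dict[str, object], records: dict) -> dict:
    """Run the whole process for one image in one environment and store the result
    under the image's record, keyed by environment name."""
    modified = modify_weights(determine_scanner_weights(props), determine_context_properties(env))
    score = combine(modified)
    record = records.setdefault(image, {"environments": {}})
    record["environments"][env["name"]] = {"score": score, "level": threat_level(score)}
    return record["environments"][env["name"]]


# Constructed sample findings; the identifiers are placeholders, not real CVE/CWE entries.
SAMPLE_FINDINGS = [
    ScannerProperty("cve", "CVE-EXAMPLE-0001", "cvss_base", 0.9, frozenset({"network"})),
    ScannerProperty("cve", "CVE-EXAMPLE-0002", "cvss_base", 0.4, frozenset({"local"})),
    ScannerProperty("cwe", "CWE-EXAMPLE-A", "severity", 0.6, frozenset({"file-write"})),
    ScannerProperty("cwe", "CWE-EXAMPLE-B", "severity", 0.5, frozenset({"privilege"})),
]

if __name__ == "__main__":
    store: dict = {}
    # Same image, two environments: the context changes the combined score and level.
    print(score_container("ubuntu-v1", SAMPLE_FINDINGS,
                          {"name": "prod-edge", "internet_facing": True, "read_only_fs": True}, store))
    print(score_container("ubuntu-v1", SAMPLE_FINDINGS, {"name": "internal"}, store))
```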
[0009] Some aspects include a tangible, non-transitory, machine-readable medium storing instructions that when executed by a data processing apparatus cause the data processing apparatus to perform operations including the above-mentioned process.

[0010] Some aspects include a system, including: one or more processors; and memory storing instructions that when executed by the processors cause the processors to effectuate operations of the above-mentioned process.

BRIEF DESCRIPTION OF THE DRAWINGS

[0011] The above-mentioned aspects and other aspects of the present techniques will be better understood when the present application is read in view of the following figures in which like numbers indicate similar or identical elements:

[0012] FIG. 1A is a block logical and physical architecture diagram of a computing environment having a scanning engine in accordance with some embodiments of the present techniques;

[0013] FIG. 1B is a block logical and physical architecture diagram of a computing environment having a results engine in accordance with some embodiments of the present techniques;

[0014] FIG. 2 is a flowchart of an example of a process executed by the scanning engine of FIG. 1A to generate and apply test specifications in accordance with some embodiments of the present techniques;

US 2020/0097662 A1    2    Mar. 26, 2020

[0015] FIG. 3A is a flowchart of an example of a process executed by a plugin of an integrated development environment to annotate code specifying container images with alerts relating to potential security vulnerabilities in accordance with some embodiments of the present techniques;

[0016] FIG. 3B is an example of a user interface created by the process of FIG. 3A in accordance with some embodiments of the present techniques;

[0017] FIG. 3C is another example of a user interface created by the process of FIG. 3A in accordance with some embodiments of the present techniques;

[0018] FIG. 4 is a flowchart of an example of a process executed by the scanning engine of FIG. 1A to generate container score records in accordance with some embodiments of the present techniques;

[0019] FIG. 5 is a flowchart of an example of a process executed by the results engine of FIG. 1A or 1B to generate a combined threat score in accordance with some embodiments of the present techniques;

[0020] FIG. 6 is an example of a user interface showing a combined threat score in accordance with some embodiments of the present techniques; and

[0021] FIG. 7 is a block diagram of an example of a computing device with which the above-described techniques may be implemented.

[0022] While the present techniques are susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. The drawings may not be to scale. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the present techniques to the particular form disclosed, but to the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present techniques as defined by the appended claims.

DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS

[0023] To mitigate the problems described herein, the inventors had to b
