Hello,
I am a PhD student at the University of Texas at San Antonio (UTSA) and I am doing research on container security and performance. I wanted to know how Google Artifact Registry detects vulnerabilities in container images: does it work by detecting packages or by analyzing something else? Does it use any type of scanning tools, or does it use its own? I am scanning official images from DockerHub and scanning them using Snyk, Trivy and Clair. I also uploaded images to Google Artifact Registry and the results do not really match, so I am curious about what tools the Registry uses. Also, what database does Google Artifact use? The tools use a combination of VulDB, NVD, Alpine-Sec, RHEL and other databases. Does Google use the same?
This is my first question here, so forgive me if I made any mistake.
Any sort of reply will be highly appreciated.
Thank you.