US 12,216,766 B2
Techniques for assessing container images for vulnerabilities
Olgierd Stanislaw Pieczul, Dublin (IE)
Assigned to Oracle International Corporation, Redwood Shores, CA (US)
Filed by Oracle International Corporation, Redwood Shores, CA (US)
Filed on Feb. 4, 2022, as Appl. No. 17/592,737.
Prior Publication US 2023/0252157 A1, Aug. 10, 2023
Int. Cl. G06F 21/57 (2013.01); G06F 21/55 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/554 (2013.01)]
20 Claims
1. A method performed by one or more processors by executing a set of computer-readable instructions, the method comprising:
determining, based upon metadata associated with a container image to be processed for vulnerabilities, the container image including a hierarchy of a plurality of layers;
calculating a vulnerability score for each layer in the plurality of layers based upon scan results generated from scanning a plurality of container images for vulnerabilities at a given time;
computing a vulnerability score for the container image based upon the vulnerability scores calculated for the plurality of layers by accessing the vulnerability scores calculated for each of the plurality of layers included in the container image, and based on a weight assigned to a position of the layer in the hierarchy of the plurality of layers;
generating a vulnerability report for the container image, the vulnerability report including the vulnerability score for the container image; and
determining whether to scan the container image based on the vulnerability report.
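
The following is an added illustration of the flow recited in claim 1, not code from the patent or from Oracle. The per-layer rule (highest CVSS attributed to a layer in any scan), the 1/(position+1) weights, the 4.0 threshold, the rule that an unseen layer forces a scan, and the layer digests are all assumptions made for the example.

```python
# Constructed scan results "at a given time": each scanned image lists its layer
# digests (base layer first) and its findings as (layer_digest, cvss) pairs.
# The digests are placeholders, not real image layers.
SCAN_RESULTS = [
    {"layers": ["sha256:base", "sha256:libs", "sha256:app1"],
     "findings": [("sha256:base", 9.8), ("sha256:libs", 5.3)]},
    {"layers": ["sha256:base", "sha256:app2"],
     "findings": [("sha256:base", 7.5)]},
]

def layer_scores(scan_results):
    """Per-layer score: highest CVSS attributed to the layer in any scan (assumed rule)."""
    scores = {}
    for result in scan_results:
        for digest in result["layers"]:
            scores.setdefault(digest, 0.0)  # layer was scanned; clean until a finding says otherwise
        for digest, cvss in result["findings"]:
            scores[digest] = max(scores.get(digest, 0.0), cvss)
    return scores

def position_weights(n):
    """Assumed weighting: the base layer (position 0) counts most; weights sum to 1."""
    raw = [1.0 / (i + 1) for i in range(n)]
    total = sum(raw)
    return [w / total for w in raw]

def image_report(layers, scores, threshold=4.0):
    """Build a report for an image from cached layer scores, without scanning it."""
    weights = position_weights(len(layers))
    unknown = [d for d in layers if d not in scores]  # layers no prior scan has covered
    score = sum(w * scores.get(d, 0.0) for w, d in zip(weights, layers))
    # Assumed decision rule: scan when the estimate is high or a layer has no cached score.
    return {"score": round(score, 2), "unknown_layers": unknown,
            "scan": score >= threshold or bool(unknown)}

if __name__ == "__main__":
    cached = layer_scores(SCAN_RESULTS)
    print(image_report(["sha256:base", "sha256:libs"], cached))
    print(image_report(["sha256:base", "sha256:new"], cached))
```

Because the weights depend on position, the same two layers in a different order produce a different image score, which is the effect the position-weight limitation in the claim describes.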