US 11,954,219 B1
System, method, and computer program for universal security of container images
Nir Makmal, Petah Tikva (IL); Gil Aizenband, Petah Tikva (IL); Rami Rozenblat, Ashkelon (IL); Ian Klein, Hatfield (GB); Lior Mazor, Tzufim (IL); and Cedric Gegout, Rennes (FR)
Assigned to AMDOCS DEVELOPMENT LIMITED, Limassol (CY)
Filed by Amdocs Development Limited, Limassol (CY)
Filed on Nov. 15, 2021, as Appl. No. 17/526,972.
Int. Cl. G06F 21/62 (2013.01); H04L 9/32 (2006.01)
CPC G06F 21/6218 (2013.01) [H04L 9/3247 (2013.01)]
16 Claims
1. A non-transitory computer-readable media storing computer instructions which when executed by one or more processors of a device cause the device to:
identify a request to access a container image;
in response to the request, retrieve a digest of the container image from a container registry that stores the container image and the digest of the container image;
retrieve, from a safe list repository, a safe list of digests previously generated for the container image;
verify a signature used to sign the safe list;
in response to verifying the signature used to sign the safe list, validate the digest retrieved from the container registry against the digests included in the safe list; and
provide the container image from the container registry as a response to the request, based on a result of the validating.
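
The steps of claim 1 as a minimal pull gate, added here as an illustration; it is not code from the patent or from the assignee. The dict-backed registry and safe list repository, the names `handle_pull`, `sign_safe_list` and `AccessDenied`, and the use of HMAC-SHA256 as a stand-in for the signature scheme (the claim does not name one) are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the signature scheme, which the claim
# does not name. A deployment would verify with the signer's public key.
SIGNING_KEY = b"constructed-demo-key"  # constructed value


class AccessDenied(Exception):
    """Raised when the image must not be served."""


def digest_of(image_bytes):
    return "sha256:" + hashlib.sha256(image_bytes).hexdigest()


def sign_safe_list(digests, key=SIGNING_KEY):
    """Produce a signed safe list record (the publisher side, hypothetical)."""
    payload = json.dumps(sorted(digests)).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": sig}


# Constructed stand-ins for the container registry and safe list repository.
IMAGE = b"constructed image bytes"
REGISTRY = {"app:1.0": {"image": IMAGE, "digest": digest_of(IMAGE)}}
SAFE_LISTS = {"app:1.0": sign_safe_list([digest_of(IMAGE)])}


def handle_pull(name, registry=REGISTRY, safe_lists=SAFE_LISTS, key=SIGNING_KEY):
    """Serve the image only if its registry digest is on a verified safe list."""
    entry = registry[name]                      # digest from the registry
    record = safe_lists.get(name)               # safe list for this image
    if record is None:
        raise AccessDenied("no safe list for image")
    expected = hmac.new(key, record["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["signature"]):
        raise AccessDenied("safe list signature invalid")
    allowed = json.loads(record["payload"])     # parsed only after verification
    if entry["digest"] not in allowed:
        raise AccessDenied("digest not in safe list")
    return entry["image"]
```

The order matters: the safe list payload is parsed only after its signature verifies, so a list that was edited or signed with an untrusted key never gets to vouch for a digest.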