US 11,656,864 B2
Automatic application of software updates to container images based on dependencies
Qin Yue Chen, Shanghai (CN); Xin Peng Liu, Beijing (CN); Han Su, Shanghai (CN); and Fei Fei Li, Huang Pu (CN)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Sep. 22, 2021, as Appl. No. 17/448,393.
Prior Publication US 2023/0091915 A1, Mar. 23, 2023
Int. Cl. G06F 8/658 (2018.01); G06F 8/61 (2018.01); G06F 8/41 (2018.01); G06F 11/07 (2006.01); G06F 11/14 (2006.01); G06F 9/455 (2018.01); G06F 21/57 (2013.01)
CPC G06F 8/658 (2018.02) [G06F 8/433 (2013.01); G06F 8/63 (2013.01); G06F 9/45558 (2013.01); G06F 11/0712 (2013.01); G06F 11/142 (2013.01); G06F 21/57 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45587 (2013.01); G06F 2201/815 (2013.01)] 16 Claims
1. A method for automatically applying one or more software patches to software associated with container images based upon image relationships in a dependency tree, the method comprising:
determining by a computing device whether software associated with a base container image requires one or more software patches;
accessing by the computing device one or more dependency trees maintaining image relationships between the base container image and one or more dependent container images;
determining by the computing device based upon the accessed one or more dependency trees whether the base container image has one or more dependent container images derived from the base container image;
checking whether the one or more software patches the base container image requires are compatible with the one or more dependent container images, when checking for compatibility the computing device checks whether the one or more software patches are compatible in a patch coverage table;
applying by the computing device the one or more software patches to the software associated with the base container image;
rebuilding by the computing device the base container image with the applied one or more software patches; and
rebuilding by the computing device one or more dependent container images dependent upon the rebuilt base container image.
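The steps of claim 1 can be sketched as a rebuild planner. This is an added example, not code from the patent or from IBM. The image names, patch ids and table layout are constructed, and holding back a dependent image (and its subtree) when the coverage table does not mark a patch compatible is an assumption of this sketch, since the claim does not say what happens in that case.

```python
from collections import deque

# Constructed sample data (hypothetical image names and patch ids).
# Dependency tree: parent image -> images built FROM it.
DEPENDENTS = {
    "base/os:1": ["mid/runtime:1", "app/batch:1"],
    "mid/runtime:1": ["app/web:1", "app/api:1"],
}
# Patches the base image's software currently requires.
REQUIRED = {"base/os:1": ["PATCH-A", "PATCH-B"]}
# Patch coverage table: (patch, image) -> compatible? Missing entry = unknown.
COVERAGE = {
    ("PATCH-A", "mid/runtime:1"): True, ("PATCH-B", "mid/runtime:1"): True,
    ("PATCH-A", "app/web:1"): True,     ("PATCH-B", "app/web:1"): True,
    ("PATCH-A", "app/api:1"): True,     ("PATCH-B", "app/api:1"): False,
    ("PATCH-A", "app/batch:1"): True,   # PATCH-B never tested here
}

def plan_rebuild(base, dependents=DEPENDENTS, required=REQUIRED, coverage=COVERAGE):
    """Return (patches, rebuild_order, held_back) for one base image."""
    patches = required.get(base, [])
    if not patches:                       # base image needs no patch
        return [], [], {}
    order, held = [base], {}              # base is patched and rebuilt first
    queue, seen = deque(dependents.get(base, [])), {base}
    while queue:                          # breadth-first: parents before children
        image = queue.popleft()
        if image in seen:
            continue
        seen.add(image)
        # Fail closed: an unknown table entry counts as incompatible.
        bad = [p for p in patches if coverage.get((p, image)) is not True]
        if bad:
            held[image] = bad             # assumption: do not descend further
            continue
        order.append(image)
        queue.extend(dependents.get(image, []))
    return patches, order, held

if __name__ == "__main__":
    patches, order, held = plan_rebuild("base/os:1")
    print("apply:", patches)
    print("rebuild in order:", order)
    print("held back:", held)
```

Images in `held_back` keep running on the unpatched base until someone resolves the listed patches, so that list is the residual exposure to track after a patch run.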