1. Field of the Invention
The present invention relates to a method and an apparatus for security checking an image for a container. More specifically, the present invention relates to a method for performing security checking on an image for creating a container and an apparatus for performing the method.
2. Description of the Related Art
In accordance with the rapid expansion of IT markets, development operating (DevOps) environments allowing for the rapid development and distribution of applications have been demanded. In accordance with the demand, a docker, an open source platform for developing, installing and executing applications, has been emerged. The docker may automatize a container technology to facilitate the use thereof.
The container technology is a solution for resolving problems as to how to stably operate software when the software is transferred from one computing environment to another computing environment. The container technology may be applied to a range from a developer's notebook to test environments, may be applied to a range from staging environments to a production, and may applied to a range from physical equipment within a datacenter to a virtual machine inside a private or public cloud. The container technology and the virtualization technology may have slightly similar aspects but may be differentiated from each other in the following aspect. When the virtualization technology is used, a package to be moved may be a virtual machine, wherein all of the entire operating system and applications may be included. A physical server driving three virtual machines may have a hypervisor and separate three operating systems driven thereabove. On the other hand, containers driving a single operating system may share a server for driving applications contained in three containers and an operating system kernel of the respective containers with one another. The shared portion of the operating system may be provided as read-only while each container may have a mount for writing itself. Therefore, rather than the use of the virtualization technology, the use of the container technology may be advantageous in terms of efficiency in employing computing resources.
A docker is an open platform for developing, installing and executing applications using the container technology. By utilizing the docker, an application may be separated from an infrastructure and the infrastructure may be managed in a similar scheme to that of the application. The docker may be helpful in a more rapid code installation, a more rapid test, and a more rapid distribution, thereby shortening cycles for executing coding and codes.
The docker may provide, based on a lightened container, high degrees of portability, scalability and availability. A docker container may be generated from an image. Therefore, the image is one of the most important security management objects. If security settings (a security configuration) of the image are defective, a container generated using the image may encounter fatal security attacks or may be used in the attacks. Therefore, a method for performing security checking on an image for creating a container and an apparatus for performing the method, have been required.