Computers use operating systems to manage system processes and resources. Some operating systems, such as the Linux operating system, include a low-level software component for managing system processes and resources. The low-level software component is called a “kernel.” The kernel can provide features, such as namespaces and cgroups, for isolating processes and resources from one another. These features can be used to segregate processes and resources (e.g., memory, CPU processing power, and network resources) into isolated virtual environments called “containers.” Containers can be launched from image files, which can be referred to as container images.
Container images can depend on other container images. For example, a container image for a web server can depend on another container image for a HyperText Transfer Protocol (HTTP) Daemon used by the web server. In some cases, one container image can be a dependency for dozens or hundreds of other container images.
Occasionally, problems with container images (e.g., software in the container image) are identified and communicated to developers of the container images. Examples of such problems can include bugs, exploits, unpatched program code, or any combination of these. The problems may be communicated to the developers in the form of a Common Vulnerability and Exposure (CVE) alert or another type of alert. The developers typically fix the problems and release an updated version of the container image, which can then be downloaded by consumers and used to launch an updated version of the container.