SEAF: A Scalable, Efficient, and Application-independent Framework for container security detection

Container technology has become a popular development that can conveniently accelerate building, running, and sharing applications. However, a container image packaging a collection of software usually lurks various defects threatening consumer safety, such as embedded malware, software vulnerability, privacy leakage, etc. Moreover, developers and users share container images through a centralized, public, and massive repository (e.g., Docker Hub), which can magnify the impact of these security defects in a fast-spreading way. Unfortunately, existing detection methods cannot effectively or efficiently discover such hidden flaws among the numerous images.