Code package processing

Assignee

• International Business Machines Corporation · US

Inventors

• Peng Cui · Beijing, CN
• Dong Hui · Beijing, CN
• Tan Jiang · Beijing, CN
• Da Hu Kuang · Beijing, CN
• Lan Ling · Beijing, CN
• Xu Peng · Shenyang, CN
• Liang Wang · San Jose, US
• Chun Xiao Zhang · Beijing, CN
• Yu ZHANG · Beijing, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method and system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. A security indicator of the image file is extracted according to the dataset. A security level of the image file is determined by comparing the extracted security indicator of the image file with a security indicator of an authenticated image file. A vulnerability in the image file is identified based on the determined security level. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.