Abstract:
The shift of the software development industry towards a more Agile and DevOps
centered approach, with smaller and faster release cycles, has led to the rapid
adoption of Docker. Docker presents itself as a lightweight solution to package
applications into images together with all the required libraries and environments.
Such images can carry serious security vulnerabilities because they depend on the
host operating system and are distributed through public registries. A dedicated
security vulnerability service can detect these threats by scanning the images
periodically and isolating vulnerable ones from the production environment. Such an
event-driven approach is well suited to a serverless architecture, which is not only
automated but also more cost-effective and scalable than the conventional approach.
This thesis presents the design and implementation of a dedicated Docker image
scanning service based on a serverless architecture, using Amazon cloud services as
the underlying infrastructure. A comparative analysis of the proposed design against
a conventional security deployment model along four major factors, namely
performance, cost, privileges, and scalability, shows promising results and
highlights, in the form of statistical data, the benefits of shifting towards
serverless.