Project information
- Category: Container Security
- Client: University Final Year Dissertation
- Project date: 21 May, 2022
- Project URL: Here
Details about this project
This paper provides insight into the popular NIST security control framework and analyses, discusses, and evaluates the effectiveness of popular open-source static vulnerability assessment tools. The investigation runs on an Ubuntu Linux virtual machine. The three vulnerability assessment tools chosen for this study are Dagda, Grype and Trivy. All three are open-source and perform static analysis of container images through a command-line interface within the Linux VM. The tools were used to run rigorous tests on twenty container images, scanning for CVEs in both OS and non-OS libraries. The results from the tests are used to provide an overall analysis of the effectiveness of each tool.