Abstract: A method and system for code package. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. Generating the dataset according to the code package includes: exporting an image layer from the image file; and obtaining a configuration file of the exported image layer as the dataset. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.

Abstract: A method and system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. A security indicator of the image file is extracted according to the dataset. A security level of the image file is determined by comparing the extracted security indicator of the image file with a security indicator of an authenticated image file. A vulnerability in the image file is identified based on the determined security level. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.

Abstract: A method and system for code package. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. Generating the dataset according to the code package includes: exporting an image layer from the image file; and obtaining a configuration file of the exported image layer as the dataset. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.

Abstract: A method and system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. The image file includes two or more image layers. A security indicator of the image file is extracted according to the dataset. A security level of the image file is determined by comparing the extracted security indicator of the image file with a security indicator of an authenticated image file. A vulnerability in the image file is identified based on the determined security level. In response to the vulnerability having been identified, the image file is updated with a patch that fixes the identified vulnerability. The patch includes a new image layer added to the two or more image layers in the updated image file.

Abstract: A method and associated system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. A security level of the image file is determined according to the generated dataset. A vulnerability corresponding to the code package is identified based on the security level. In response to the vulnerability having been identified, the code package is updated with a patch associated with the identified vulnerability.

Abstract: A method and associated system. A dataset is generated according to a code package. The code package includes an image file associated with a container for a tenant in a cloud environment. The dataset includes general information related to security aspects of the image file. A security level of the image file is determined according to the generated dataset. A vulnerability corresponding to the code package is identified based on the security level. In response to the vulnerability having been identified, the code package is updated with a patch associated with the identified vulnerability.

Abstract: Systems, methods, and computer program products to perform an operation including receiving an indication to commit a containerized image to an image repository, wherein the containerized image comprises a plurality of layers, and upon validating the containerized image by determining whether each layer of the containerized image is associated with a respective signature value, generating a first signature value for the containerized image, updating a data store for signature values to reflect the first signature value for the containerized image, and committing the containerized image to the repository.

Abstract: A computer-implemented method includes monitoring a template registry for changes in the template registry. In response to detecting a new template in the template registry, the method includes analyzing the new template to identify explicit and implicit metadata corresponding to the new template. The method further includes determining one or more possible link dependencies between a container based on the new template and one or more other containers, respectively, based on the identified explicit and implicit metadata. In addition, the method includes providing container setting recommendations to a user based on the one or more possible link dependencies and the identified explicit and implicit metadata.

Abstract: Embodiments of the invention relate to deploying a program module. The deploying includes obtaining a data dependency relationship between the program module and multiple to-be-deployed program modules, and a specific start order. In response to a request to install and configure the program module, data on which the program module depends are identified according to the data dependency relationship. In addition, the program module is installed and configured responsive to the identified data. The program module is started in response to completion of a startup of program modules required to be started before the program module as specified by the specific start order.