Abstract: An example method includes determining, based on a static scan, that a software container image or an intended execution environment of the software container image meets one or more first criteria required to exploit a software vulnerability. Based on the determining, runtime behavior of a software container instantiated from the software container image is monitored. The monitoring including determining whether the software container meets one or more second criteria required to exploit the software vulnerability, wherein the one or more first second criteria differs from the one or more second criteria. Based on the runtime monitoring, a risk score that indicates a magnitude of a risk the software vulnerability poses for the software container is determined, and a notification of the risk score is provided. A system for assessing software containers for vulnerabilities is also disclosed.

Abstract: An example method includes determining, based on a static scan, that a software container image or an intended execution environment of the software container image meets one or more first criteria required to exploit a software vulnerability. Based on the determining, runtime behavior of a software container instantiated from the software container image is monitored. The monitoring including determining whether the software container meets one or more second criteria required to exploit the software vulnerability, wherein the one or more first second criteria differs from the one or more second criteria. Based on the runtime monitoring, a risk score that indicates a magnitude of a risk the software vulnerability poses for the software container is determined, and a notification of the risk score is provided. A system for assessing software containers for vulnerabilities is also disclosed.

Abstract: A system can include a hardware processor and a memory communicably coupled to the hardware processor, the memory for storing data. The hardware processor is to identify, by a testing engine, a function call in computer code; identify, from an identifier of the function call, a test case stored in the memory and mapped to the function call, the test case comprising one or more testing scenarios to test the function call; test the computer code using the test case; and provide a report identifying a result of the testing of the computer code.

Abstract: Techniques are disclosed relating to secure processing of requests from users to access resources. In some embodiments, an apparatus receives, in a first transaction, a request from a first user to access a first resource. In some embodiments, the apparatus is configured to process the request to determine a set of authorizers, with encrypted identifiers, to authorize the transaction. In some embodiments, the apparatus is configured to pseudo-randomly select an authorizer for the request from among the determined set of authorizers with encrypted identifiers. In some embodiments, the apparatus is configured to send a request for approval to the selected authorizer. In some embodiments, the apparatus is configured to transmit a response to the first user based on a decision from the authorizer concerning the first transaction. In some embodiments, the secure authorizer selection module communicates the decision to the user without identifying the authorizer.