Abstract: Described are techniques for shared library customization. The techniques include generating a customized library for a container image associated with an application and a shared library. The customized library includes a subset of the shared library with functionalities utilized by the application retained in the customized library and functionalities not utilized by the application removed from the customized library. The techniques further include executing the application on a deployed container image, where the application utilizes the customized library.

Abstract: An example operation may include one or more of determining that a software artifact hosted by a pod within a cluster of a host platform contains code that is a security vulnerability, identifying a function within the software artifact that requests the code, activating a filter within the pod of the host platform which prevents execution of the function within the software artifact, and installing a fix for the security vulnerability within the software artifact.

Abstract: Automated generation of security policies for container execution includes performing automated static analysis of binary code of a containerized application and generating, based on the static analysis, a control-flow graph of expected runtime execution flow of the containerized application, the containerized application providing an expected set of functionality when properly executing, inferring, from the expected runtime execution flow of the containerized application, security policy configurations for a plurality of resources used in execution of the containerized application and that suffice for the containerized application to provide the expected set of functionality, and automatically generating, as part of configuration file(s) used in deploying a container having the containerized application for execution, a security policy for execution of the container including the containerized application thereof, the security policy specifying the security policy configurations for the plurality of resource

Abstract: Described are techniques for shared library customization. The techniques include generating a customized library for a container image associated with an application and a shared library. The customized library includes a subset of the shared library with functionalities utilized by the application retained in the customized library and functionalities not utilized by the application removed from the customized library. The techniques further include executing the application on a deployed container image, where the application utilizes the customized library.