{"id":"https://openalex.org/W7125000314","doi":"https://doi.org/10.1109/seeda-cecnsm68644.2025.11329724","title":"Beyond Container CVE Analysis: A GitOps-Based Attestation and Sandbox Framework for Container Supply Chains","display_name":"Beyond Container CVE Analysis: A GitOps-Based Attestation and Sandbox Framework for Container Supply Chains","publication_year":2025,"publication_date":"2025-09-19","ids":{"openalex":"https://openalex.org/W7125000314","doi":"https://doi.org/10.1109/seeda-cecnsm68644.2025.11329724"},"language":null,"primary_location":{"id":"doi:10.1109/seeda-cecnsm68644.2025.11329724","is_oa":false,"landing_page_url":"https://doi.org/10.1109/seeda-cecnsm68644.2025.11329724","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 10th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.1109/SEEDA-CECNSM68644.2025.11329724","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073346381","display_name":"Evangelos Syrmos","orcid":"https://orcid.org/0000-0001-6504-8660"},"institutions":[{"id":"https://openalex.org/I58918642","display_name":"Sofia University \"St. Kliment Ohridski\"","ror":"https://ror.org/02jv3k292","country_code":"BG","type":"education","lineage":["https://openalex.org/I58918642"]}],"countries":["BG"],"is_corresponding":true,"raw_author_name":"Evangelos Syrmos","raw_affiliation_strings":["K3Y,Sofia,Studentski District,Bulgaria,1700"],"affiliations":[{"raw_affiliation_string":"K3Y,Sofia,Studentski District,Bulgaria,1700","institution_ids":["https://openalex.org/I58918642"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025891312","display_name":"Panagiotis Radoglou\u2010Grammatikis","orcid":"https://orcid.org/0000-0003-1605-9413"},"institutions":[{"id":"https://openalex.org/I58918642","display_name":"Sofia University \"St. Kliment Ohridski\"","ror":"https://ror.org/02jv3k292","country_code":"BG","type":"education","lineage":["https://openalex.org/I58918642"]}],"countries":["BG"],"is_corresponding":false,"raw_author_name":"Panagiotis Radoglou-Grammatikis","raw_affiliation_strings":["K3Y,Sofia,Studentski District,Bulgaria,1700"],"affiliations":[{"raw_affiliation_string":"K3Y,Sofia,Studentski District,Bulgaria,1700","institution_ids":["https://openalex.org/I58918642"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072647401","display_name":"Efklidis Katsaros","orcid":"https://orcid.org/0000-0002-0261-9187"},"institutions":[{"id":"https://openalex.org/I58918642","display_name":"Sofia University \"St. Kliment Ohridski\"","ror":"https://ror.org/02jv3k292","country_code":"BG","type":"education","lineage":["https://openalex.org/I58918642"]}],"countries":["BG"],"is_corresponding":false,"raw_author_name":"Efklidis Katsaros","raw_affiliation_strings":["K3Y,Sofia,Studentski District,Bulgaria,1700"],"affiliations":[{"raw_affiliation_string":"K3Y,Sofia,Studentski District,Bulgaria,1700","institution_ids":["https://openalex.org/I58918642"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056134365","display_name":"Jyoti Sekhar Banerjee","orcid":"https://orcid.org/0000-0001-7896-5206"},"institutions":[{"id":"https://openalex.org/I99601430","display_name":"Maulana Abul Kalam Azad University of Technology, West Bengal","ror":"https://ror.org/030tcae29","country_code":"IN","type":"education","lineage":["https://openalex.org/I99601430"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Jyoti Sekhar Banerjee","raw_affiliation_strings":["Bengal Institute of Technology,Department of Computer Science and Engineering (AI &#x0026; ML),Kolkata,India"],"affiliations":[{"raw_affiliation_string":"Bengal Institute of Technology,Department of Computer Science and Engineering (AI &#x0026; ML),Kolkata,India","institution_ids":["https://openalex.org/I99601430"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119220316","display_name":"Anastasia Kazakli","orcid":null},"institutions":[{"id":"https://openalex.org/I58918642","display_name":"Sofia University \"St. Kliment Ohridski\"","ror":"https://ror.org/02jv3k292","country_code":"BG","type":"education","lineage":["https://openalex.org/I58918642"]}],"countries":["BG"],"is_corresponding":false,"raw_author_name":"Anastasia Kazakli","raw_affiliation_strings":["K3Y,Sofia,Studentski District,Bulgaria,1700"],"affiliations":[{"raw_affiliation_string":"K3Y,Sofia,Studentski District,Bulgaria,1700","institution_ids":["https://openalex.org/I58918642"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088043053","display_name":"Konstandinos Panitsidis","orcid":"https://orcid.org/0000-0001-8299-1511"},"institutions":[{"id":"https://openalex.org/I89506807","display_name":"University of Western Macedonia","ror":"https://ror.org/00a5pe906","country_code":"GR","type":"education","lineage":["https://openalex.org/I89506807"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Konstandinos Panitsidis","raw_affiliation_strings":["University of Western Macedonia,Department of Management Science &#x0026; Technology,Kozani,Greece,50100"],"affiliations":[{"raw_affiliation_string":"University of Western Macedonia,Department of Management Science &#x0026; Technology,Kozani,Greece,50100","institution_ids":["https://openalex.org/I89506807"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019486808","display_name":"V. Vitsas","orcid":"https://orcid.org/0000-0001-7055-6117"},"institutions":[{"id":"https://openalex.org/I183898223","display_name":"International Hellenic University","ror":"https://ror.org/00708jp83","country_code":"GR","type":"education","lineage":["https://openalex.org/I183898223"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Vasileios Vitsas","raw_affiliation_strings":["International Hellenic University,Department of Information and Electronic Systems Engineering,Thessaloniki,Greece,57400"],"affiliations":[{"raw_affiliation_string":"International Hellenic University,Department of Information and Electronic Systems Engineering,Thessaloniki,Greece,57400","institution_ids":["https://openalex.org/I183898223"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011667461","display_name":"P. Sarigiannidis","orcid":null},"institutions":[{"id":"https://openalex.org/I89506807","display_name":"University of Western Macedonia","ror":"https://ror.org/00a5pe906","country_code":"GR","type":"education","lineage":["https://openalex.org/I89506807"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panagiotis Sarigiannidis","raw_affiliation_strings":["University of Western Macedonia,Department of Electrical and Computer Engineering,Kozani,Greece,50100"],"affiliations":[{"raw_affiliation_string":"University of Western Macedonia,Department of Electrical and Computer Engineering,Kozani,Greece,50100","institution_ids":["https://openalex.org/I89506807"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5073346381"],"corresponding_institution_ids":["https://openalex.org/I58918642"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.8707946,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.44350001215934753,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.44350001215934753,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1177000030875206,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.09889999777078629,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/devops","display_name":"DevOps","score":0.7835000157356262},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.7832000255584717},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6873999834060669},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.6866999864578247},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5521000027656555},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5210000276565552},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.44369998574256897},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.42809998989105225},{"id":"https://openalex.org/keywords/trusted-computing","display_name":"Trusted Computing","score":0.41100001335144043},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.38440001010894775}],"concepts":[{"id":"https://openalex.org/C9903902","wikidata":"https://www.wikidata.org/wiki/Q3025536","display_name":"DevOps","level":3,"score":0.7835000157356262},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.7832000255584717},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7099999785423279},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7031999826431274},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6873999834060669},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.6866999864578247},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5521000027656555},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5210000276565552},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.44369998574256897},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.42809998989105225},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.41100001335144043},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.38440001010894775},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.3813000023365021},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.3596999943256378},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.35740000009536743},{"id":"https://openalex.org/C129230348","wikidata":"https://www.wikidata.org/wiki/Q1140205","display_name":"Disaster recovery","level":2,"score":0.3287000060081482},{"id":"https://openalex.org/C5894958","wikidata":"https://www.wikidata.org/wiki/Q2297769","display_name":"Software agent","level":2,"score":0.3197000026702881},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.31869998574256897},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.31610000133514404},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.3131999969482422},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.31119999289512634},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.30959999561309814},{"id":"https://openalex.org/C174683762","wikidata":"https://www.wikidata.org/wiki/Q609588","display_name":"Component-based software engineering","level":4,"score":0.3050999939441681},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.30379998683929443},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.30219998955726624},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2976999878883362},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.2937999963760376},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.2815999984741211},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.2793999910354614},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.2777999937534332},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.27619999647140503},{"id":"https://openalex.org/C76518257","wikidata":"https://www.wikidata.org/wiki/Q271680","display_name":"Software framework","level":5,"score":0.27309998869895935},{"id":"https://openalex.org/C2778491294","wikidata":"https://www.wikidata.org/wiki/Q1339824","display_name":"Mindset","level":2,"score":0.2653000056743622},{"id":"https://openalex.org/C27713364","wikidata":"https://www.wikidata.org/wiki/Q528166","display_name":"Client","level":3,"score":0.2614000141620636},{"id":"https://openalex.org/C101317890","wikidata":"https://www.wikidata.org/wiki/Q940053","display_name":"Software maintenance","level":4,"score":0.2606000006198883},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2603999972343445},{"id":"https://openalex.org/C43645609","wikidata":"https://www.wikidata.org/wiki/Q60750670","display_name":"Information technology operations","level":3,"score":0.25780001282691956},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.25209999084472656},{"id":"https://openalex.org/C2780992000","wikidata":"https://www.wikidata.org/wiki/Q17016113","display_name":"Generator (circuit theory)","level":3,"score":0.25200000405311584},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.2506999969482422}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/seeda-cecnsm68644.2025.11329724","is_oa":false,"landing_page_url":"https://doi.org/10.1109/seeda-cecnsm68644.2025.11329724","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 10th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM)","raw_type":"proceedings-article"},{"id":"pmh:oai:zenodo.org:18340930","is_oa":true,"landing_page_url":"https://doi.org/10.1109/SEEDA-CECNSM68644.2025.11329724","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:18340930","is_oa":true,"landing_page_url":"https://doi.org/10.1109/SEEDA-CECNSM68644.2025.11329724","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W2997790855","https://openalex.org/W4205688351","https://openalex.org/W4313524909","https://openalex.org/W4393218154","https://openalex.org/W4404323391"],"related_works":[],"abstract_inverted_index":{"As":[0],"software":[1,149],"supply":[2],"chain":[3],"accelerate":[4],"through":[5],"DevOps":[6],"automation":[7],"and":[8,22,60,73,106,115,123,159],"continuous":[9],"delivery,":[10],"container":[11,45,75],"images":[12,46],"have":[13],"become":[14],"the":[15,79,110,133,143],"primary":[16],"vector":[17],"for":[18,71,82,145],"both":[19],"application":[20],"development":[21],"security":[23,124],"compromise.":[24],"While":[25],"static":[26,90],"vulnerability":[27,91],"scanners":[28],"can":[29],"detect":[30],"known":[31],"CVEs,":[32],"they":[33],"are":[34,52],"unable":[35],"to":[36,126],"uncover":[37],"zero-day":[38],"malware":[39],"or":[40,137],"runtime":[41],"threats-":[42],"particularly":[43],"in":[44,132,153],"sourced":[47],"from":[48],"public":[49],"registries,":[50],"which":[51],"maintained":[53],"by":[54],"individual":[55],"contributors":[56],"of":[57,135],"varying":[58],"intent":[59],"trustworthiness.":[61],"In":[62],"this":[63,118],"paper,":[64],"we":[65],"introduce":[66],"a":[67,146],"GitOps-drive":[68],"sandboxing":[69],"framework":[70,111,119,141],"proactive":[72],"tamper-resistant":[74],"image":[76],"attestation,":[77],"addressing":[78],"urgent":[80],"need":[81],"deeper":[83],"analysis":[84],"before":[85],"deployment.":[86],"Our":[87],"approach":[88],"combines":[89],"detection":[92],"with":[93,155],"dynamic":[94],"behavioral":[95],"inspection":[96],"using":[97],"gVisor-based":[98],"sandboxing.":[99],"Through":[100],"filesystem":[101],"analysis,":[102],"system":[103],"call":[104],"tracing,":[105],"network":[107],"activity":[108],"monitoring,":[109],"identifies":[112],"malicious":[113],"patterns":[114],"anomalies.":[116],"Adopting":[117],"will":[120],"empower":[121],"developers":[122],"teams":[125],"enforce":[127],"stronger":[128],"trust":[129],"guarantees":[130],"even":[131],"absence":[134],"SBOMs":[136],"SLSA":[138],"levels.":[139],"This":[140],"lays":[142],"foundations":[144],"resilient,":[147],"trustworthy":[148],"delivery":[150],"at":[151],"scale":[152],"compliance":[154],"NIST":[156],"SP":[157],"800-218":[158],"ISO/IEC":[160],"27001":[161],"standards.":[162]},"counts_by_year":[],"updated_date":"2026-02-23T20:09:44.859080","created_date":"2026-01-21T00:00:00"}