Containerization is a popular and growing trend in software development. It allows users to save an ‘image’ of an operating system and its installed programs that can be replicated on another computer. It is common practice to download community-made images from sites such as Docker Hub. These images may contain software with known vulnerabilities, which is why scanning tools exist to determine whether an image contains any vulnerable software. Scanning tools are effective at detecting vulnerabilities, but it has been shown that they can be fooled into giving incorrect results by manipulating the images. While existing research has covered this topic, it has only done so in a broad sense, without exploring the details of individual exploits against scanners through maliciously modified images. This thesis aims to fill this knowledge gap by answering the following research question.
How can container images be maliciously manipulated in order to disrupt container image scanners?
The research question was answered through a series of experiments in which an image was manipulated in various ways with the goal of passing vulnerable software through one of the scanning tools undetected. This was done mainly by editing the Linux package manager's database of installed software, since the experiments showed that the scanners rely heavily on that database rather than on the files actually present in the image.
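The following example is added here to illustrate the dependency described above; it is not code from the thesis. It models a scanner that decides what is installed purely from a dpkg-style status file, shows that removing a package's stanza hides that package from such a scanner while its files remain on disk, and then applies the cross-check a practitioner would want: comparing the package database against files found in the image. The status file, file inventory, vulnerability list and file-to-package mapping are all constructed for the example.

```python
"""Package-database-driven scanning versus a file-system cross-check (constructed example)."""
import re

# Constructed dpkg-style status file listing two installed packages.
STATUS_ORIGINAL = """Package: openssl
Status: install ok installed
Version: 1.1.1f-1ubuntu2

Package: curl
Status: install ok installed
Version: 7.68.0-1ubuntu2
"""

# The same database after the openssl stanza has been removed. Nothing else in
# the image changes: the openssl binary and library are still present on disk.
STATUS_TAMPERED = """Package: curl
Status: install ok installed
Version: 7.68.0-1ubuntu2
"""

# Constructed inventory of paths present in the image's filesystem.
IMAGE_FILES = {
    "/usr/bin/openssl",
    "/usr/bin/curl",
    "/usr/lib/x86_64-linux-gnu/libssl.so.1.1",
}

# Hypothetical vulnerability feed: package name -> versions flagged as vulnerable.
VULN_DB = {"openssl": {"1.1.1f-1ubuntu2"}}

# Hypothetical mapping from well-known binaries to the package that ships them.
# A real check would use the package's own file list (e.g. /var/lib/dpkg/info/*.list).
KNOWN_FILES = {"/usr/bin/openssl": "openssl", "/usr/bin/curl": "curl"}


def parse_status(text):
    """Parse dpkg status stanzas into {package: version} for installed packages."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = dict(
            line.split(": ", 1) for line in stanza.splitlines() if ": " in line
        )
        if fields.get("Status", "").endswith("installed"):
            pkgs[fields["Package"]] = fields["Version"]
    return pkgs


def scan(status_text, vuln_db=VULN_DB):
    """Naive scanner: report vulnerable packages using only the package database."""
    installed = parse_status(status_text)
    return sorted(p for p, v in installed.items() if v in vuln_db.get(p, set()))


def cross_check(status_text, files, known=KNOWN_FILES):
    """Flag packages whose files exist in the image but which the database omits."""
    installed = parse_status(status_text)
    return sorted(
        {pkg for path, pkg in known.items() if path in files and pkg not in installed}
    )


if __name__ == "__main__":
    print("original image, scanner finds:", scan(STATUS_ORIGINAL))
    print("tampered image, scanner finds:", scan(STATUS_TAMPERED))
    print("tampered image, cross-check flags:", cross_check(STATUS_TAMPERED, IMAGE_FILES))
```

On the original database the scanner reports openssl; on the tampered database it reports nothing, although the vulnerable files are unchanged. Only the cross-check against the filesystem surfaces the omitted package, which is why a scanner that trusts the package database alone can be bypassed by editing that database.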
The thesis achieved its goal of producing new research that expands the field and covers individual exploits in the depth that has previously been lacking in publicly available research. The research can serve users and developers as a warning of dangers that must be addressed and kept in mind when using community-made images. The individual exploits could also be used by bad actors with malicious intent until the scanners have been adapted to protect against them. The research can also serve as a base for future work, such as going beyond the limitations of this thesis to discover and address new exploits.